Last updated on: 2024-04-01 03:24:20.
bigip_sslo_config_topology – Manage an SSL Orchestrator Topology¶
New in version 1.7.0.
Parameters¶
| Parameter | Choices/Defaults | Configuration | Comments | |
|---|---|---|---|---|
|
access_profile
string
|
Defines a custom access profile to use.
When not specified, a topology-defined access profile is created.
This parameter is mandatory when
topology_type is outbound_explicit or when security_policy is set. |
|||
|
additional_protocols
list
/ elements=string
|
Defines a list of additional protocols to create listeners for.
This parameter is only valid when
protocol is set to tcp.Accepted values of this list are:
ftp, imap, pop3, smtps. |
|||
|
auth_profile
string
|
Defines an access profile to use for explicit proxy authentication.
|
|||
|
dest
string
|
Defines the destination address filter and optional route domain for the topology listener.
The address must be specified in CIDR notation, with subnet mask not exceeding 32 bits.
When creating a new topology object, if dest is not specified, a value of
0.0.0.0%0/0 is assumed. |
|||
|
dns_resolver
string
|
Defines a per-topology DNS resolver configuration object.
This parameter is available in SSLO version 9.0 and above.
|
|||
|
dump_json
boolean
|
|
Sets the module to output a JSON blob for further consumption.
When
true does not make any changes on the device and always returns changed=False.The output provided is idempotent in nature, meaning if there are no changes to be made during
MODIFY on an existing service, no JSON output is generated. |
||
|
gateway
string
|
|
Defines the type of egress gateway to use for egress traffic.
When
system is set, a system-defined gateway route is used. This is the default choice when a creating topology object if the parameter is not provided.When
topology_type is either set to l2_outbound or l2_inbound, a gateway is automatically set to system.When
pool, the gateway configuration points to an existing gateway pool defined by the gateway_pool parameter.When
iplist, a new gateway pool is created from the provided gateway_list. |
||
|
gateway_list
list
/ elements=dictionary
|
Defines a list of IP addresses to use in a gateway pool configuration.
This parameter is required when
gateway is set to iplist. |
|||
|
ip
string
/ required
|
The IP address of the gateway in pool.
|
|||
|
ratio
integer
|
The ratio used for load balancing egress traffic in the gateway pool.
When creating a new topology object, if ratio is not specified, a value of
1 is assumed.Valid value range is from
1 to 65535. |
|||
|
gateway_pool
string
|
Defines an existing gateway pool to use for egress traffic.
This parameter is required when
gateway is set to pool. |
|||
|
ip_family
string
|
|
Defines the IP family for the topology.
When creating a new topology object, if ip_family is not specified, a value of
ipv4 is assumed. |
||
|
l7_profile
string
|
Defines the specific HTTP profile if the
l7_profile_type is set to http.When creating a new topology object, if l7_profile is not specified, a value of
/Common/http is assumed. |
|||
|
l7_profile_type
string
|
|
Defines the L7 protocol type, and can either be
none for all protocols, or http.When creating a new topology object, if l7_profile_type is not specified, a value of
http is assumed. |
||
|
logging
dictionary
|
Defines the setting of logging characteristics for an SSL Orchestrator topology.
|
|||
|
ftp
string
|
|
Defines the logging facility used for the SSL Orchestrator FTP listener logging.
|
||
|
imap
string
|
|
Defines the logging facility used for the SSL Orchestrator IMAP listener logging.
|
||
|
per_request_policy
string
|
|
Defines the logging facility used for the SSL Orchestrator security policy logging.
|
||
|
pop3
string
|
|
Defines the logging facility used for the SSL Orchestrator POP3 listener logging.
|
||
|
smtps
string
|
|
Defines the logging facility used for the SSL Orchestrator SMTPS listener logging.
|
||
|
sslo
string
|
|
Defines the logging facility used for the SSL Orchestrator summary logging.
|
||
|
name
string
/ required
|
Specifies the name of the topology.
Configuration auto-prepends "sslo_" to the topology.
Topology name should be less than 14 characters and not contain dashes "-".
|
|||
|
ocsp_auth
string
|
This setting defines an OCSP Authentication profile.
This parameter is available in SSLO version 9.0 and later.
|
|||
|
pool
string
|
Defines a server pool to use in an application mode inbound topology.
|
|||
|
port
integer
|
Defines the port filter for the topology listener.
When creating a new topology object, if port is not specified, a value of
0 is assumed.Valid value range is from
0 to 65535. |
|||
|
primary_auth_uri
string
|
Defines the authentication service (ie. captive portal) to redirect new users to.
This setting should contain a fully-qualified domain name (ex. https://auth.f5labs.com).
This parameter applies to SSLO version 8.2 and later.
Required when the
profile_scope option is named. |
|||
|
profile_scope
string
|
|
Defines the access profile scope.
This parameter applies to SSLO version 8.2 and later.
|
||
|
profile_scope_value
string
|
Defines a string name shared between the transparent proxy SSL Orchestrator profile and the captive portal authentication access profile.
This parameter applies to SSLO version 8.2 and later.
Required when the
profile_scope option is named. |
|||
|
protocol
string
|
|
Defines the topology protocol, either TCP, UDP, or other (non-tcp/non-udp).
When creating a new topology object, if protocol is not specified, a value of
tcp is assumed. |
||
|
proxy_ip
string
|
Defines the explicit proxy listener IP address.
This parameter is required when
topology_type is is outbound_explicit.This parameter is mutually exclusive with
dest and port.This parameter must be specified together with
proxy_port. |
|||
|
proxy_port
integer
|
Defines the explicit proxy listener port.
This parameter is required when
topology_type is is outbound_explicit.This parameter is mutually exclusive with
dest and port.This parameter must be specified together with
proxy_ip. |
|||
|
security_policy
string
|
Defines the name of the security policy object already created.
Configuration auto-prepends "ssloP_" to provided name if not present.
This parameter is mandatory when
proxy_type is outbound_explicit. |
|||
|
snat
string
|
|
Defines the type egress source NAT used.
When
none, no outbound SNAT configuration is configured. This is the default choice when creating a topology object if the parameter is not provided.When
topology_type is either set to l2_outbound or l2_inbound, a snat is automatically set to none.When
automap, SNAT auto map is configured.When
snatpool, the SNAT configuration points to an existing SNAT pool defined by the snatpool parameter.When
snatlist, a new SNAT pool is created from the provided snatlist. |
||
|
snat_list
list
/ elements=string
|
Defines a list of IP addresses to use in a SNAT pool configuration.
This parameter is required when
snat is set to snatlist. |
|||
|
snat_pool
string
|
Defines an existing SNAT pool.
This parameter required when
snat is set to snatpool. |
|||
|
source
string
|
Defines the source address filter and optional route domain for the topology listener.
The address must be specified in CIDR notation, with subnet mask not exceeding 32 bits.
When creating a new topology object, if source is not specified, a value of
0.0.0.0%0/0 is assumed. |
|||
|
ssl_settings
string
|
Defines the name of the SSL settings object already created.
Configuration auto-prepends "ssloT_" to provided name if not present.
|
|||
|
state
string
|
|
When
state is present, ensures the object is created or modified.When
state is absent, ensures the object is removed. |
||
|
tcp_settings_client
string
|
Defines a custom client side TCP profile to use.
This parameter is ignored when
topology_type is set to outbound_explicit.When not specified, the default creation value is set depending on the
topology_type. If topology_type is either set to l2_inbound or l3_inbound, the value is set to /Common/f5-tcp-wan. If topology_type is either set to l2_outbound or C(l3_outbound, the value is set to /Common/f5-tcp-lan. |
|||
|
tcp_settings_server
string
|
Defines a custom server side TCP profile to use.
This parameter is ignored when
topology_type is set to outbound_explicit.When not specified, the default creation value is set depending on the
topology_type. If topology_type is either set to l2_inbound or l3_inbound the value is set to /Common/f5-tcp-lan. If topology_type is either set to l2_outbound or C(l3_outbound the value is set to /Common/f5-tcp-wan. |
|||
|
timeout
integer
|
Default: 300
|
The amount of time to wait for the
CREATE, MODIFY or DELETE task to complete, in seconds.The accepted value range is between
10 and 1800 seconds. |
||
|
topology_type
string
/ required
|
|
Defines the type of topology to create.
|
||
|
verify_accept
boolean
|
|
Enables TCP Verify Accept proxy through an outbound topology.
This parameter is available in SSLO version 9.0 and later.
|
||
|
vlans
list
/ elements=string
|
Defines the list of listening VLANs for the topology listener.
This parameter is required when creating new topology object.
|
|||
Examples¶
- name: Create SSLO Topology
bigip_sslo_topology:
name: "l3_topo_out"
topology_type: "outbound_l3"
dest: "192.168.1.4%0/32"
port: 8080
ip_family: "ipv4"
ssl_settings: "foobar"
vlans:
- "/Common/fake1"
- name: Delete SSLO Topology
bigip_sslo_topology:
name: "l3_topo_out"
topology_type: "outbound_l3"
state: "absent"