bigip_sslo_config_topology – Manage an SSL Orchestrator Topology
New in version 1.7.0.
Parameters
Parameter | Choices/Defaults | Configuration | Comments | |
---|---|---|---|---|
access_profile
string
|
Defines a custom access profile to use.
When not specified, a topology-defined access profile is created.
This parameter is mandatory when topology_type is outbound_explicit or when security_policy is set. |
|||
additional_protocols
list
/ elements=string
|
Defines a list of additional protocols to create listeners for.
This parameter is only valid when protocol is set to tcp.
Accepted values of this list are: ftp, imap, pop3, smtps. |
|||
auth_profile
string
|
Defines an access profile to use for explicit proxy authentication.
|
|||
dest
string
|
Defines the destination address filter and optional route domain for the topology listener.
The address must be specified in CIDR notation, with subnet mask not exceeding 32 bits.
When creating a new topology object, if dest is not specified, a value of 0.0.0.0%0/0 is assumed. |
|||
dns_resolver
string
|
Defines a per-topology DNS resolver configuration object.
This parameter is available in SSLO version 9.0 and above.
|
|||
dump_json
boolean
|
|
Sets the module to output a JSON blob for further consumption.
When true, the module does not make any changes on the device and always returns changed=False.
The output provided is idempotent in nature, meaning if there are no changes to be made during MODIFY on an existing service, no JSON output is generated. |
||
gateway
string
|
|
Defines the type of egress gateway to use for egress traffic.
When system is set, a system-defined gateway route is used. This is the default choice when creating a topology object if the parameter is not provided.
When topology_type is set to either l2_outbound or l2_inbound, the gateway is automatically set to system.
When pool, the gateway configuration points to an existing gateway pool defined by the gateway_pool parameter.
When iplist, a new gateway pool is created from the provided gateway_list. |
||
gateway_list
list
/ elements=dictionary
|
Defines a list of IP addresses to use in a gateway pool configuration.
This parameter is required when gateway is set to iplist. |
|||
ip
string
/ required
|
The IP address of the gateway in the pool.
|
|||
ratio
integer
|
The ratio used for load balancing egress traffic in the gateway pool.
When creating a new topology object, if ratio is not specified, a value of 1 is assumed.
Valid value range is from 1 to 65535. |
|||
gateway_pool
string
|
Defines an existing gateway pool to use for egress traffic.
This parameter is required when gateway is set to pool. |
|||
ip_family
string
|
|
Defines the IP family for the topology.
When creating a new topology object, if ip_family is not specified, a value of ipv4 is assumed. |
||
l7_profile
string
|
Defines the specific HTTP profile if the l7_profile_type is set to http.
When creating a new topology object, if l7_profile is not specified, a value of /Common/http is assumed. |
|||
l7_profile_type
string
|
|
Defines the L7 protocol type, and can either be none for all protocols, or http.
When creating a new topology object, if l7_profile_type is not specified, a value of http is assumed. |
||
logging
dictionary
|
Defines the setting of logging characteristics for an SSL Orchestrator topology.
|
|||
ftp
string
|
|
Defines the logging facility used for the SSL Orchestrator FTP listener logging.
|
||
imap
string
|
|
Defines the logging facility used for the SSL Orchestrator IMAP listener logging.
|
||
per_request_policy
string
|
|
Defines the logging facility used for the SSL Orchestrator security policy logging.
|
||
pop3
string
|
|
Defines the logging facility used for the SSL Orchestrator POP3 listener logging.
|
||
smtps
string
|
|
Defines the logging facility used for the SSL Orchestrator SMTPS listener logging.
|
||
sslo
string
|
|
Defines the logging facility used for the SSL Orchestrator summary logging.
|
||
name
string
/ required
|
Specifies the name of the topology.
Configuration auto-prepends "sslo_" to the topology.
Topology name should be less than 14 characters and not contain dashes "-".
|
|||
ocsp_auth
string
|
This setting defines an OCSP Authentication profile.
This parameter is available in SSLO version 9.0 and later.
|
|||
pool
string
|
Defines a server pool to use in an application mode inbound topology.
|
|||
port
integer
|
Defines the port filter for the topology listener.
When creating a new topology object, if port is not specified, a value of 0 is assumed.
Valid value range is from 0 to 65535. |
|||
primary_auth_uri
string
|
Defines the authentication service (i.e. captive portal) to redirect new users to.
This setting should contain a fully-qualified domain name (e.g. https://auth.f5labs.com).
This parameter applies to SSLO version 8.2 and later.
Required when the profile_scope option is named. |
|||
profile_scope
string
|
|
Defines the access profile scope.
This parameter applies to SSLO version 8.2 and later.
|
||
profile_scope_value
string
|
Defines a string name shared between the transparent proxy SSL Orchestrator profile and the captive portal authentication access profile.
This parameter applies to SSLO version 8.2 and later.
Required when the profile_scope option is named. |
|||
protocol
string
|
|
Defines the topology protocol, either TCP, UDP, or other (non-tcp/non-udp).
When creating a new topology object, if protocol is not specified, a value of tcp is assumed. |
||
proxy_ip
string
|
Defines the explicit proxy listener IP address.
This parameter is required when topology_type is outbound_explicit.
This parameter is mutually exclusive with dest and port.
This parameter must be specified together with proxy_port. |
|||
proxy_port
integer
|
Defines the explicit proxy listener port.
This parameter is required when topology_type is outbound_explicit.
This parameter is mutually exclusive with dest and port.
This parameter must be specified together with proxy_ip. |
|||
security_policy
string
|
Defines the name of the security policy object already created.
Configuration auto-prepends "ssloP_" to provided name if not present.
This parameter is mandatory when proxy_type is outbound_explicit. |
|||
snat
string
|
|
Defines the type of egress source NAT used.
When none, no outbound SNAT is configured. This is the default choice when creating a topology object if the parameter is not provided.
When topology_type is set to either l2_outbound or l2_inbound, snat is automatically set to none.
When automap, SNAT auto map is configured.
When snatpool, the SNAT configuration points to an existing SNAT pool defined by the snat_pool parameter.
When snatlist, a new SNAT pool is created from the provided snat_list. |
||
snat_list
list
/ elements=string
|
Defines a list of IP addresses to use in a SNAT pool configuration.
This parameter is required when snat is set to snatlist. |
|||
snat_pool
string
|
Defines an existing SNAT pool.
This parameter is required when snat is set to snatpool. |
|||
source
string
|
Defines the source address filter and optional route domain for the topology listener.
The address must be specified in CIDR notation, with subnet mask not exceeding 32 bits.
When creating a new topology object, if source is not specified, a value of 0.0.0.0%0/0 is assumed. |
|||
ssl_settings
string
|
Defines the name of the SSL settings object already created.
Configuration auto-prepends "ssloT_" to provided name if not present.
|
|||
state
string
|
|
When state is present, ensures the object is created or modified.
When state is absent, ensures the object is removed. |
||
tcp_settings_client
string
|
Defines a custom client side TCP profile to use.
This parameter is ignored when topology_type is set to outbound_explicit.
When not specified, the default creation value is set depending on the topology_type. If topology_type is set to either l2_inbound or l3_inbound, the value is set to /Common/f5-tcp-wan. If topology_type is set to either l2_outbound or l3_outbound, the value is set to /Common/f5-tcp-lan. |
|||
tcp_settings_server
string
|
Defines a custom server side TCP profile to use.
This parameter is ignored when topology_type is set to outbound_explicit.
When not specified, the default creation value is set depending on the topology_type. If topology_type is set to either l2_inbound or l3_inbound, the value is set to /Common/f5-tcp-lan. If topology_type is set to either l2_outbound or l3_outbound, the value is set to /Common/f5-tcp-wan. |
|||
timeout
integer
|
Default: 300
|
The amount of time to wait for the CREATE, MODIFY or DELETE task to complete, in seconds.
The accepted value range is between 10 and 1800 seconds. |
||
topology_type
string
/ required
|
|
Defines the type of topology to create.
|
||
verify_accept
boolean
|
|
Enables TCP Verify Accept proxy through an outbound topology.
This parameter is available in SSLO version 9.0 and later.
|
||
vlans
list
/ elements=string
|
Defines the list of listening VLANs for the topology listener.
This parameter is required when creating a new topology object.
|
Examples
```yaml
# Module name as given in this page's title.
- name: Create SSLO Topology
  bigip_sslo_config_topology:
    name: "l3_topo_out"
    topology_type: "outbound_l3"
    dest: "192.168.1.4%0/32"
    port: 8080
    ip_family: "ipv4"
    ssl_settings: "foobar"
    vlans:
      - "/Common/fake1"

# Removal only needs the identifying parameters plus state.
- name: Delete SSLO Topology
  bigip_sslo_config_topology:
    name: "l3_topo_out"
    topology_type: "outbound_l3"
    state: "absent"
```
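
The parameter table states several cross-parameter rules (required together, mutually exclusive, required when another option has a given value). The following Python pre-flight check is an added example, not part of the F5 module or its documentation; it applies those rules to a task's argument dictionary so a misconfigured interception topology is caught in review rather than on the device. `check_topology`, the sample tasks and their addresses are hypothetical, and skipping the dependency checks for `state: absent` is an assumption.

```python
# Added example, not part of the F5 module: checks a task's arguments
# against the option dependencies documented in the parameter table.
ADDITIONAL_PROTOCOLS = {"ftp", "imap", "pop3", "smtps"}
# option value -> companion parameter the table marks as required
NEEDS = {"gateway": {"pool": "gateway_pool", "iplist": "gateway_list"},
         "snat": {"snatpool": "snat_pool", "snatlist": "snat_list"}}


def check_topology(p):
    """Return a list of documented-constraint violations for one task."""
    errs = []
    name = p.get("name", "")
    if not name or len(name) >= 14 or "-" in name:
        errs.append("name: required, under 14 characters, no dashes")
    if p.get("state") == "absent":  # assumption: removal needs no further checks
        return errs
    explicit = p.get("topology_type") == "outbound_explicit"
    proxy = [k for k in ("proxy_ip", "proxy_port") if k in p]
    if len(proxy) == 1:
        errs.append("proxy_ip and proxy_port must be specified together")
    elif explicit and not proxy:
        errs.append("outbound_explicit requires proxy_ip and proxy_port")
    if proxy and ("dest" in p or "port" in p):
        errs.append("proxy_ip/proxy_port are mutually exclusive with dest and port")
    if (explicit or "security_policy" in p) and "access_profile" not in p:
        errs.append("access_profile is mandatory for this topology")
    extra = p.get("additional_protocols", [])
    if extra and p.get("protocol", "tcp") != "tcp":  # tcp is the creation default
        errs.append("additional_protocols is only valid when protocol is tcp")
    if set(extra) - ADDITIONAL_PROTOCOLS:
        errs.append("additional_protocols accepts only ftp, imap, pop3, smtps")
    for opt, table in NEEDS.items():
        companion = table.get(p.get(opt))
        if companion and not p.get(companion):
            errs.append(f"{opt}={p[opt]} requires {companion}")
    if p.get("profile_scope") == "named":
        for key in ("primary_auth_uri", "profile_scope_value"):
            if key not in p:
                errs.append(f"profile_scope=named requires {key}")
    if not 0 <= p.get("port", 0) <= 65535:
        errs.append("port must be between 0 and 65535")
    return errs


# Constructed sample tasks (names and addresses are hypothetical).
GOOD = {"name": "l3_topo_out", "topology_type": "outbound_l3",
        "dest": "192.168.1.4%0/32", "port": 8080, "vlans": ["/Common/fake1"]}
BAD = {"name": "explicit-proxy-topology", "topology_type": "outbound_explicit",
       "proxy_ip": "10.1.10.150", "dest": "0.0.0.0%0/0", "snat": "snatlist"}
```

`check_topology(GOOD)` returns an empty list, while `check_topology(BAD)` reports the over-long dashed name, the missing `proxy_port`, the `dest` conflict, the missing `access_profile` and the missing `snat_list`.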