Documentation

bigip_device_facts – Collect facts from F5 BIG-IP devices

New in version 2.7.

Synopsis

  • Collect facts from F5 BIG-IP devices.

Parameters

Parameter Choices/Defaults Comments
gather_subset
list / required
    Choices:
  • all
  • monitors
  • profiles
  • asm-policy-stats
  • asm-policies
  • asm-server-technologies
  • asm-signature-sets
  • client-ssl-profiles
  • devices
  • device-groups
  • external-monitors
  • fasthttp-profiles
  • fastl4-profiles
  • gateway-icmp-monitors
  • gtm-pools
  • gtm-servers
  • gtm-wide-ips
  • gtm-a-pools
  • gtm-a-wide-ips
  • gtm-aaaa-pools
  • gtm-aaaa-wide-ips
  • gtm-cname-pools
  • gtm-cname-wide-ips
  • gtm-mx-pools
  • gtm-mx-wide-ips
  • gtm-naptr-pools
  • gtm-naptr-wide-ips
  • gtm-srv-pools
  • gtm-srv-wide-ips
  • http-monitors
  • https-monitors
  • http-profiles
  • iapp-services
  • iapplx-packages
  • icmp-monitors
  • interfaces
  • internal-data-groups
  • irules
  • ltm-pools
  • nodes
  • oneconnect-profiles
  • partitions
  • provision-info
  • self-ips
  • server-ssl-profiles
  • software-volumes
  • software-images
  • software-hotfixes
  • ssl-certs
  • ssl-keys
  • system-db
  • system-info
  • tcp-monitors
  • tcp-half-open-monitors
  • tcp-profiles
  • traffic-groups
  • trunks
  • udp-profiles
  • vcmp-guests
  • virtual-addresses
  • virtual-servers
  • vlans
  • !all
  • !monitors
  • !profiles
  • !asm-policy-stats
  • !asm-policies
  • !asm-server-technologies
  • !asm-signature-sets
  • !client-ssl-profiles
  • !devices
  • !device-groups
  • !external-monitors
  • !fasthttp-profiles
  • !fastl4-profiles
  • !gateway-icmp-monitors
  • !gtm-pools
  • !gtm-servers
  • !gtm-wide-ips
  • !gtm-a-pools
  • !gtm-a-wide-ips
  • !gtm-aaaa-pools
  • !gtm-aaaa-wide-ips
  • !gtm-cname-pools
  • !gtm-cname-wide-ips
  • !gtm-mx-pools
  • !gtm-mx-wide-ips
  • !gtm-naptr-pools
  • !gtm-naptr-wide-ips
  • !gtm-srv-pools
  • !gtm-srv-wide-ips
  • !http-monitors
  • !https-monitors
  • !http-profiles
  • !iapp-services
  • !iapplx-packages
  • !icmp-monitors
  • !interfaces
  • !internal-data-groups
  • !irules
  • !ltm-pools
  • !nodes
  • !oneconnect-profiles
  • !partitions
  • !provision-info
  • !self-ips
  • !server-ssl-profiles
  • !software-volumes
  • !software-images
  • !software-hotfixes
  • !ssl-certs
  • !ssl-keys
  • !system-db
  • !system-info
  • !tcp-monitors
  • !tcp-half-open-monitors
  • !tcp-profiles
  • !traffic-groups
  • !trunks
  • !udp-profiles
  • !vcmp-guests
  • !virtual-addresses
  • !virtual-servers
  • !vlans
When supplied, this argument will restrict the facts returned to a given subset.
Can specify a list of values to include a larger subset.
Values can also be used with an initial ! to specify that a specific subset should not be collected.

aliases: include
password
string / required
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable F5_PASSWORD.

aliases: pass, pwd
provider
dictionary
added in 2.5
A dict object containing connection details.
password
string / required
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable F5_PASSWORD.

aliases: pass, pwd
server
string / required
The BIG-IP host.
You may omit this option by setting the environment variable F5_SERVER.
server_port
integer
Default:
443
The BIG-IP server port.
You may omit this option by setting the environment variable F5_SERVER_PORT.
ssh_keyfile
path
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports.
You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE.
timeout
integer
Default:
10
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
transport
string
    Choices:
  • cli
  • rest ←
Configures the transport connection to use when connecting to the remote device.
user
string / required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable F5_USER.
validate_certs
boolean
    Choices:
  • no
  • yes ←
If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.
You may omit this option by setting the environment variable F5_VALIDATE_CERTS.
server
string / required
The BIG-IP host.
You may omit this option by setting the environment variable F5_SERVER.
server_port
integer
added in 2.2
Default:
443
The BIG-IP server port.
You may omit this option by setting the environment variable F5_SERVER_PORT.
user
string / required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable F5_USER.
validate_certs
boolean
added in 2.0
    Choices:
  • no
  • yes ←
If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.
You may omit this option by setting the environment variable F5_VALIDATE_CERTS.

Notes

Note

  • For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
  • Requires BIG-IP software version >= 12.
  • The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.

Examples

- name: Collect BIG-IP facts
  bigip_device_facts:
    gather_subset:
      - interfaces
      - vlans
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost

- name: Collect all BIG-IP facts
  bigip_device_facts:
    gather_subset:
      - all
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost

- name: Collect all BIG-IP facts except trunks
  bigip_device_facts:
    gather_subset:
      - all
      - "!trunks"
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
asm_policies
complex
When asm-policies is specified in gather_subset.
Detailed facts for ASM policies present on device.

Sample:
hash/dictionary of values
  active
boolean
changed
Indicates if an ASM policy is active.

Sample:
True
  allowed_response_codes
list
changed
Lists the response status codes between 400 and 599 that the security profile considers legal.

Sample:
['400', '404']
  application_language
string
changed
The language encoding for the web application.

Sample:
utf-8
  case_insensitive
boolean
changed
Indicates if the ASM policy treats file types, URLs, and parameters as case sensitive.

Sample:
True
  csrf_protection_enabled
boolean
changed
Specifies if CSRF protection is active on the ASM policy.

Sample:
True
  csrf_protection_expiration_time_in_seconds
integer
changed
Specifies how long, in seconds, a configured CSRF token is valid before it expires.

Sample:
600
  csrf_protection_ssl_only
boolean
changed
Specifies that only HTTPS URLs will be checked for CSRF protection.

Sample:
True
  csrf_urls
complex
changed
Specifies a list of URLs for CSRF token verification.
In version 13.0.0 and above this has become a sub-collection and a list of dictionaries.
In version 12.x this is a list of simple strings.

    csrf_url
string
changed
Specifies an URL to protect.

Sample:
['/foo.html']
    csrf_url_enforcement_action
string
changed
Indicates the action specified for the system to take when the URL entry matches.

Sample:
none
    csrf_url_id
string
changed
Specified the generated ID for the configured CSRF url resource.

Sample:
l0Ckxe-7yHsXp8U5tTgbFQ
    csrf_url_method
string
changed
Method for the specified URL.

Sample:
POST
    csrf_url_parameters_list
list
changed
List of parameters to look for in a request when checking if the URL entry matches the request.

Sample:
['fooparam']
    csrf_url_required_parameters
string
changed
Indicates whether to ignore or require one of the specified parameters is present in a request when checking if the URL entry matches the request.

Sample:
ignore
    csrf_url_wildcard_order
string
changed
Specified the order in which the wildcard URLs are enforced.

Sample:
1
  custom_xff_headers
string
changed
List of custom XFF headers trusted by the system.

Sample:
asm-proxy1
  description
string
changed
Description of the resource.

Sample:
Significant Policy Description
  disallowed_geolocations
string
changed
Displays countries that may not access the web application.

Sample:
Argentina
  enforcement_mode
string
changed
Specifies whether blocking is active or inactive for the ASM policy.

Sample:
blocking
  enforcement_readiness_period
integer
changed
Period in days both security policy entities and attack signatures remain in staging mode before the system suggests to enforce them.

Sample:
8
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/foo_policy
  has_parent
boolean
changed
Indicates if the ASM policy is a child of another ASM policy.

  inspect_http_uploads
boolean
changed
Specify if the system should inspect all http uploads.

Sample:
True
  learning_mode
string
changed
Determine how the policy is built.

Sample:
manual
  mask_credit_card_numbers_in_request
boolean
changed
Indicates if the system masks credit card numbers.

  maximum_cookie_header_length
integer
changed
Maximum length of a cookie header name and value that the system processes.

Sample:
8192
  maximum_http_header_length
integer
changed
Maximum length of an HTTP header name and value that the system processes.

Sample:
8192
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
foo_policy
  path_parameter_handling
string
changed
Specifies how the system handles path parameters that are attached to path segments in URIs.

Sample:
ignore
  place_signatures_in_staging
boolean
changed
Specifies if the system places new or updated signatures in staging for the number of days specified in the enforcement readiness period.

  policy_id
string
changed
Generated ID of the ASM policy resource.

Sample:
l0Ckxe-7yHsXp8U5tTgbFQ
  protocol_independent
boolean
changed
Indicates if the ASM policy differentiates between HTTP/WS and HTTPS/WSS URLs.

  signature_staging
boolean
changed
Specifies if the staging feature is active on the ASM policy.

Sample:
True
  trigger_asm_irule_event
string
changed
Indicates if iRule event is enabled.

Sample:
disabled
  trust_xff
boolean
changed
Indicates the system has confidence in an XFF (X-Forwarded-For) header in the request.

Sample:
True
  type
string
changed
The type of policy, can be Security or Parent.

Sample:
security
  use_dynamic_session_id_in_url
boolean
changed
Specifies how the security policy processes URLs that use dynamic sessions.

  virtual_servers
list
changed
Virtual server or servers which have this policy assigned to them.

Sample:
['/Common/foo_VS/']
asm_policy_stats
complex
When asm-policy-stats is specified in gather_subset.
Miscellaneous ASM policy related facts.

Sample:
hash/dictionary of values
  policies
integer
changed
The total number of ASM policies on the device.

Sample:
3
  policies_active
integer
changed
The number of ASM policies that are marked as active.

Sample:
3
  policies_attached
integer
changed
The number of ASM policies that are attached to virtual servers.

Sample:
1
  policies_inactive
integer
changed
The number of ASM policies that are marked as inactive.

  policies_unattached
integer
changed
The number of ASM policies that are not attached to a virtual server.

Sample:
3
asm_server_technologies
complex
When asm-server-technologies is specified in gather_subset.
Detailed facts for ASM server technologies present on device.

Sample:
hash/dictionary of values
  id
string
changed
Displays the generated ID for the server technology resource.

Sample:
l0Ckxe-7yHsXp8U5tTgbFQ
  server_technology_name
string
changed
Human friendly name of the server technology resource.

Sample:
Wordpress
  server_technology_references
complex
changed
List of dictionaries containing API self links of the associated technology resources.

Sample:
https://localhost/mgmt/tm/asm/server-technologies/NQG7CT02OBC2cQWbnP7T-A?ver=13.1.0
    link
-
A self link to an associated server technology.

asm_signature_sets
complex
When asm-signature-sets is specified in gather_subset.
Detailed facts for ASM signature sets present on device.

Sample:
hash/dictionary of values
  assign_to_policy_by_default
boolean
changed
Indicates whether the system assigns this signature set to a new created security policy by default.

Sample:
True
  category
string
changed
Displays the category of the signature set.

Sample:
filter-based
  default_alarm
boolean
changed
Displays whether the security policy logs the request data in the Statistics screen if a request matches a signature that is included in the signature set

Sample:
True
  default_block
boolean
changed
Displays, when the security policy's enforcement mode is Blocking, how the system treats requests that match a signature included in the signature set.

Sample:
True
  default_learn
boolean
changed
Displays whether the security policy learns all requests that match a signature that is included in the signature set.

Sample:
True
  id
string
changed
Displays the generated ID for the signature set resource.

Sample:
l0Ckxe-7yHsXp8U5tTgbFQ
  is_user_defined
boolean
changed
Specifies that this signature set was added by a user.

  name
string
changed
Name of the signature set

Sample:
WebSphere signatures
  type
string
changed
The method used to select signatures to be a part of the signature set.

Sample:
filter-based
client_ssl_profiles
complex
When client-ssl-profiles is specified in gather_subset.
Client SSL Profile related facts.

Sample:
hash/dictionary of values
  alert_timeout
integer
changed
Maximum time period in seconds to keep the SSL session active after alert message is sent, or indefinite.

  allow_non_ssl
boolean
changed
Enables or disables non-SSL connections.

Sample:
True
  authenticate_depth
integer
changed
Specifies the authenticate depth. This is the client certificate chain maximum traversal depth.

Sample:
9
  authenticate_frequency
string
changed
Specifies how often the system authenticates a user.

Sample:
once
  ca_file
string
changed
Specifies the certificate authority (CA) file name.

Sample:
/Common/default-ca.crt
  cache_size
integer
changed
Specifies the SSL session cache size.

Sample:
262144
  cache_timeout
integer
changed
Specifies the SSL session cache timeout value.

Sample:
3600
  certificate_file
string
changed
Specifies the name of the certificate installed on the traffic management system for the purpose of terminating or initiating an SSL connection.

Sample:
/Common/default.crt
  chain_file
string
changed
Specifies or builds a certificate chain file that a client can use to authenticate the profile.

Sample:
/Common/ca-chain.crt
  ciphers
string
changed
Specifies a list of cipher names.

Sample:
['DEFAULT']
  crl_file
string
changed
Specifies the certificate revocation list file name.

Sample:
/Common/default.crl
  description
string
changed
Description of the profile.

Sample:
My profile
  forward_proxy_ca_certificate_file
string
changed
Specifies the name of the certificate file that is used as the certification authority certificate when SSL forward proxy feature is enabled.

  forward_proxy_ca_key_file
string
changed
Specifies the name of the key file that is used as the certification authority key when SSL forward proxy feature is enabled.

  forward_proxy_ca_passphrase
string
changed
Specifies the passphrase of the key file that is used as the certification authority key when SSL forward proxy feature is enabled.

  forward_proxy_certificate_extension_include
list
changed
Specifies the extensions of the web server certificates to be included in the generated certificates using SSL Forward Proxy.

Sample:
['basic-constraints', 'subject-alternative-name']
  forward_proxy_certificate_lifespan
integer
changed
Specifies the lifespan of the certificate generated using the SSL forward proxy feature.

Sample:
30
  forward_proxy_enabled
boolean
changed
Enables or disables SSL forward proxy feature.

Sample:
True
  forward_proxy_lookup_by_ipaddr_port
boolean
changed
Specifies whether to perform certificate look up by IP address and port number.

  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/bigip02.internal
  handshake_timeout
integer
changed
Specifies the handshake timeout in seconds.

Sample:
10
  modssl_methods
boolean
changed
Enables or disables ModSSL method emulation.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
bigip02.internal
  parent
string
changed
Parent of the profile

Sample:
/Common/clientssl
  peer_certification_mode
string
changed
Specifies the peer certificate mode.

Sample:
ignore
  profile_mode_enabled
boolean
changed
Specifies the profile mode, which enables or disables SSL processing.

Sample:
True
  renegotiation
boolean
changed
Specifies whether renegotiations are enabled.

Sample:
True
  renegotiation_maximum_record_delay
integer
changed
Maximum number of SSL records that the traffic management system can receive before it renegotiates an SSL session.

  renegotiation_period
integer
changed
Number of seconds required to renegotiate an SSL session.

  retain_certificate
boolean
changed
APM module requires storing certificate in SSL session. When no, certificate will not be stored in SSL session.

Sample:
True
  secure_renegotiation_mode
string
changed
Specifies the secure renegotiation mode.

Sample:
require
  server_name
string
changed
Specifies the server names to be matched with SNI (server name indication) extension information in ClientHello from a client connection.

Sample:
bigip01
  session_ticket
boolean
changed
Enables or disables session-ticket.

  sni_default
boolean
changed
When yes, this profile is the default SSL profile when the server name in a client connection does not match any configured server names, or a client connection does not specify any server name at all.

Sample:
True
  sni_require
boolean
changed
When this option is yes, a client connection that does not specify a known server name or does not support SNI extension will be rejected.

  strict_resume
boolean
changed
Enables or disables strict-resume.

Sample:
True
  unclean_shutdown
boolean
changed
Whether to force the SSL profile to perform a clean shutdown of all SSL connections or not

device_groups
complex
When device-groups is specified in gather_subset.
Device group related facts.

Sample:
hash/dictionary of values
  asm_sync_enabled
boolean
changed
Specifies whether to synchronize ASM configurations of device group members.

Sample:
True
  autosync_enabled
boolean
changed
Whether the device group automatically synchronizes configuration data to its members.

  description
string
changed
Description of the device group.

Sample:
My device group
  devices
list
changed
List of devices that are in the group. Devices are listed by their full_path.

Sample:
['/Common/bigip02.internal']
  full_load_on_sync
boolean
changed
Specifies that the entire configuration for a device group is sent when configuration synchronization is performed.

Sample:
True
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/fasthttp
  incremental_config_sync_size_maximum
integer
changed
Specifies the maximum size (in KB) to devote to incremental config sync cached transactions.

Sample:
1024
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
fasthttp
  network_failover_enabled
boolean
changed
Specifies whether network failover is used.

Sample:
True
  type
string
changed
Specifies the type of device group.

Sample:
sync-only
devices
complex
When devices is specified in gather_subset.
Device related facts.

Sample:
hash/dictionary of values
  active_modules
list
changed
The currently licensed and provisioned modules on the device.

Sample:
['DNS Services (LAB)', 'PSM, VE']
  base_mac_address
string
changed
Media Access Control address (MAC address) of the device.

Sample:
fa:16:3e:c3:42:6f
  build
string
changed
The minor version information of the total product version.

Sample:
0.0.1
  chassis_id
string
changed
Serial number of the device.

Sample:
11111111-2222-3333-444444444444
  chassis_type
string
changed
Displays the chassis type. The possible values are individual and viprion.

Sample:
individual
  comment
string
changed
User comments about the device.

Sample:
My device
  configsync_address
string
changed
IP address used for configuration synchronization.

Sample:
10.10.10.10
  contact
string
changed
Administrator contact information.

Sample:
The User
  description
string
changed
Description of the device.

Sample:
My device
  edition
string
changed
Displays the software edition.

Sample:
Point Release 7
  failover_state
string
changed
Device failover state.

Sample:
active
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/bigip02.internal
  hostname
string
changed
Device hostname

Sample:
bigip02.internal
  location
string
changed
Specifies the physical location of the device.

Sample:
London
  management_address
string
changed
IP address of the management interface.

Sample:
3.3.3.3
  marketing_name
string
changed
Marketing name of the device platform.

Sample:
BIG-IP Virtual Edition
  multicast_address
string
changed
Specifies the multicast IP address used for failover.

Sample:
4.4.4.4
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
bigip02.internal
  optional_modules
list
changed
Modules that are available for the current platform, but are not currently licensed.

Sample:
['App Mode (TMSH Only, No Root/Bash)', 'BIG-IP VE, Multicast Routing']
  platform_id
string
changed
Displays the device platform identifier.

Sample:
Z100
  primary_mirror_address
string
changed
Specifies the IP address used for state mirroring.

Sample:
5.5.5.5
  product
string
changed
Displays the software product name.

Sample:
BIG-IP
  secondary_mirror_address
string
changed
Secondary IP address used for state mirroring.

Sample:
2.2.2.2
  self
boolean
changed
Whether this device is the one that was queried for facts, or not.

Sample:
True
  software_version
string
changed
Displays the software version number.

Sample:
13.1.0.7
  timelimited_modules
list
changed
Displays the licensed modules that are time-limited.

Sample:
['IP Intelligence, 3Yr, ...', 'PEM URL Filtering, 3Yr, ...']
  timezone
string
changed
Displays the time zone configured on the device.

Sample:
UTC
  unicast_addresses
complex
changed
Specifies the entire set of unicast addresses used for failover.

    effective_ip
string
changed
The IP address that peers can use to reach this unicast address IP.

Sample:
5.4.3.5
    effective_port
integer
changed
The port that peers can use to reach this unicast address.

Sample:
1026
    ip
string
changed
The IP address that the failover daemon will listen on for packets from its peers.

Sample:
5.4.3.5
    port
integer
changed
The IP port that the failover daemon uses to accept packets from its peers.

Sample:
1026
external_monitors
complex
When external-monitors is specified in gather_subset.
External monitor related facts.

Sample:
hash/dictionary of values
  args
string
Specifies any command-line arguments that the script requires.

Sample:
arg1 arg2 arg3
  description
string
changed
Description of the resource.

Sample:
My monitor
  destination
string
Specifies the IP address and service port of the resource that is the destination of this monitor.

Sample:
*:*
  external_program
string
Specifies the name of the file for the monitor to use.

Sample:
/Common/arg_example
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/external
  interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.

Sample:
5
  manual_resume
boolean
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
external
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
external
  time_until_up
integer
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.

  timeout
integer
Specifies the number of seconds the target has in which to respond to the monitor request.

Sample:
16
  up_interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.

  variables
complex
Specifies any variables that the script requires.

Sample:
{'key1': 'val', 'key_2': 'val 2'}
fasthttp_profiles
complex
When fasthttp-profiles is specified in gather_subset.
FastHTTP profile related facts.

Sample:
hash/dictionary of values
  client_close_timeout
integer
changed
Number of seconds after which the system closes a client connection, when the system either receives a client FIN packet or sends a FIN packet to the client.

Sample:
5
  description
string
changed
Description of the resource.

Sample:
My profile
  force_http_1_0_response
boolean
changed
Specifies, when yes, that the server sends responses to clients in the HTTP/1.0 format.

  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/fasthttp
  http_1_1_close_workarounds
boolean
changed
Specifies, when yes, that the server uses workarounds for HTTP 1.1 close issues.

  idle_timeout
integer
changed
Length of time that a connection is idle (has no traffic) before the connection is eligible for deletion.

Sample:
300
  insert_x_forwarded_for
boolean
changed
Whether the system inserts the X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling.

  maximum_header_size
integer
changed
Maximum amount of HTTP header data that the system buffers before making a load balancing decision.

Sample:
32768
  maximum_requests
integer
changed
Maximum number of requests that the system can receive on a client-side connection, before the system closes the connection.

  maximum_segment_size_override
integer
changed
Maximum segment size (MSS) override for server-side connections.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
fasthttp
  oneconnect_idle_timeout_override
integer
changed
Number of seconds after which a server-side connection in a OneConnect pool is eligible for deletion, when the connection has no traffic.

  oneconnect_maximum_pool_size
integer
changed
Maximum number of connections to a load balancing pool.

Sample:
2048
  oneconnect_maximum_reuse
integer
changed
Maximum number of times that the system can re-use a current connection.

  oneconnect_minimum_pool_size
integer
changed
Minimum number of connections to a load balancing pool.

  oneconnect_ramp_up_increment
integer
changed
The increment in which the system makes additional connections available, when all available connections are in use.

Sample:
4
  oneconnect_replenish'
boolean
changed
Specifies, when yes, that the system will not keep a steady-state maximum of connections to the back-end unless the number of connections to the pool have dropped beneath the minimum_pool_size specified in the profile.

Sample:
True
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
fasthttp
  receive_window_size
integer
changed
Amount of data the BIG-IP system can accept without acknowledging the server.

  request_header_insert
string
changed
A string that the system inserts as a header in an HTTP request. If the header exists already, the system does not replace it.

Sample:
X-F5-Authentication: foo
  reset_on_timeout
boolean
changed
Specifies, when yes, that the system sends a reset packet (RST) in addition to deleting the connection, when a connection exceeds the idle timeout value.

Sample:
True
  server_close_timeout
integer
changed
Number of seconds after which the system closes a client connection, when the system either receives a server FIN packet or sends a FIN packet to the server.

Sample:
5
  server_sack
boolean
changed
Whether the BIG-IP system processes Selective ACK (Sack) packets in cookie responses from the server.

  server_timestamp
boolean
changed
Whether the BIG-IP system processes timestamp request packets in cookie responses from the server.

  unclean_shutdown
string
changed
How the system handles closing connections. Values provided may be enabled, disabled, or fast.

Sample:
enabled
fastl4_profiles
complex
When fastl4-profiles is specified in gather_subset.
FastL4 profile related facts.

Sample:
hash/dictionary of values
  client_timeout
integer
changed
Specifies late binding client timeout in seconds.
This is the number of seconds allowed for a client to transmit enough data to select a server pool.
If this timeout expires, the timeout-recovery option dictates whether to drop the connection or fallback to the normal FastL4 load-balancing method to pick a server pool.

Sample:
30
  description
string
changed
Description of the resource.

Sample:
My profile
  dont_fragment_flag
string
changed
Describes the Don't Fragment (DF) bit setting in the IP Header of the outgoing TCP packet.
When pmtu, sets the outgoing IP Header DF bit based on IP pmtu setting(tm.pathmtudiscovery).
When preserve, sets the outgoing Packet's IP Header DF bit to be same as incoming IP Header DF bit.
When set, sets the outgoing packet's IP Header DF bit.
When clear, clears the outgoing packet's IP Header DF bit.

Sample:
pmtu
  explicit_flow_migration
boolean
changed
Specifies whether to have the iRule code determine exactly when the FIX stream drops down to the ePVA hardware.

Sample:
True
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/fastl4
  generate_init_seq_number
boolean
changed
Specifies whether you want to generate TCP sequence numbers on all SYNs that conform with RFC1948, and allow timestamp recycling.

Sample:
True
  hardware_syn_cookie
boolean
changed
Enables or disables hardware SYN cookie support when PVA10 is present on the system.
This option is deprecated in version 13.0.0 and is replaced by syn-cookie-enable.

  idle_timeout
integer
changed
Specifies the number of seconds that a connection is idle before the connection is eligible for deletion.
Values will be in the range of 0 to 4294967295 (inclusive).
0 is equivalent to the TMUI value "immediate".
4294967295 is equivalent to the TMUI value "indefinite".

Sample:
300
  ip_tos_to_client
str or int
changed
Specifies an IP Type of Service (ToS) number for the client-side.
This option specifies the ToS level that the traffic management system assigns to IP packets when sending them to clients.

Sample:
200
  ip_tos_to_server
str or int
changed
Specifies an IP ToS number for the server side.
This option specifies the ToS level that the traffic management system assigns to IP packets when sending them to servers.

Sample:
pass-through
  keep_alive_interval
integer
changed
Specifies the keep-alive probe interval, in seconds.
A value of 0 indicates keep-alive is disabled.

Sample:
10
  late_binding
boolean
changed
Specifies whether to enable or disable intelligent selection of a back-end server pool.

Sample:
True
  link_qos_to_client
int or string
changed
Specifies a Link Quality of Service (QoS) (VLAN priority) number for the client side.
This option specifies the QoS level that the system assigns to packets when sending them to clients.

Sample:
7
  link_qos_to_server
int or string
changed
Specifies a Link QoS (VLAN priority) number for the server side.
This option specifies the QoS level that the system assigns to packets when sending them to servers.

Sample:
5
  loose_close
boolean
changed
Specifies that the system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server.

  loose_init
boolean
changed
Specifies that the system initializes a connection when it receives any Transmission Control Protocol (TCP) packet, rather than requiring a SYN packet for connection initiation.

Sample:
True
  mss_override
integer
changed
Specifies a maximum segment size (MSS) override for server connections. Note that this is also the MSS advertised to a client when a client first connects.
0 (zero), means the option is disabled. Otherwise, the value will be between 256 and 9162.

Sample:
500
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
fastl4
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
fastl4
  priority_to_client
int or string
changed
Specifies internal packet priority for the client side.
This option specifies the internal packet priority that the system assigns to packets when sending them to clients.

Sample:
300
  priority_to_server
int or string
changed
Specifies internal packet priority for the server side.
This option specifies the internal packet priority that the system assigns to packets when sending them to servers.

Sample:
200
  pva_acceleration
string
changed
Specifies the Packet Velocity(r) ASIC acceleration policy.

Sample:
full
  pva_dynamic_client_packets
integer
changed
Specifies the number of client packets before dynamic ePVA hardware re-offloading occurs.
Values will be between 0 and 10.

Sample:
8
  pva_dynamic_server_packets
integer
changed
Specifies the number of server packets before dynamic ePVA hardware re-offloading occurs.
Values will be between 0 and 10.

Sample:
5
  pva_flow_aging
boolean
changed
Specifies if automatic aging from ePVA flow cache is enabled or not.

Sample:
True
  pva_flow_evict
boolean
changed
Specifies if this flow can be evicted upon hash collision with a new flow learn snoop request.

  pva_offload_dynamic
boolean
changed
Specifies whether PVA flow dynamic offloading is enabled or not.

Sample:
True
  pva_offload_state
string
changed
Specifies at what stage the ePVA performs hardware offload.
When embryonic, implies at TCP CSYN or the first client UDP packet.
When establish, implies TCP 3WAY handshaking or UDP CS round trip are confirmed.

Sample:
embryonic
  reassemble_fragments
boolean
changed
Specifies whether to reassemble fragments.

Sample:
True
  receive_window
integer
changed
Specifies the window size to use, in bytes.
The maximum is 2^31 for window scale enabling.

Sample:
1000
  reset_on_timeout
boolean
changed
Specifies whether you want to reset connections on timeout.

Sample:
True
  rtt_from_client
boolean
changed
Enables or disables the TCP timestamp options to measure the round trip time to the client.

  rtt_from_server
boolean
changed
Enables or disables the TCP timestamp options to measure the round trip time to the server.

Sample:
True
  server_sack
boolean
changed
Specifies whether to support server sack option in cookie response by default.

  server_timestamp
boolean
changed
Specifies whether to support server timestamp option in cookie response by default.

Sample:
True
  software_syn_cookie
boolean
changed
Enables or disables software SYN cookie support when PVA10 is not present on the system.
This option is deprecated in version 13.0.0 and is replaced by syn_cookie_enabled.

Sample:
True
  strip_sack
boolean
changed
Specifies whether you want to block the TCP SackOK option from passing to the server on an initiating SYN.

Sample:
True
  syn_cookie_enabled
boolean
changed
Enables syn-cookies capability on this virtual server.

  syn_cookie_mss
integer
changed
Specifies a maximum segment size (MSS) for server connections when SYN Cookie is enabled.

Sample:
2000
  syn_cookie_whitelist
boolean
changed
Specifies whether or not to use a SYN Cookie WhiteList when doing software SYN Cookies.

  tcp_close_timeout
integer
changed
Specifies a TCP close timeout in seconds.

Sample:
100
  tcp_handshake_timeout
integer
changed
Specifies a TCP handshake timeout in seconds.

Sample:
5
  tcp_time_wait_timeout
integer
changed
Specifies a TCP time_wait timeout in milliseconds.

Sample:
60
  tcp_timestamp_mode
string
changed
Specifies how you want to handle the TCP timestamp.

Sample:
preserve
  tcp_window_scale_mode
string
changed
Specifies how you want to handle the TCP window scale.

Sample:
preserve
  timeout_recovery
string
changed
Specifies late binding timeout recovery mode. This is the action to take when late binding timeout occurs on a connection.
When disconnect, only the L7 iRule actions are acceptable to pick a server.
When fallback, the normal FastL4 load-balancing methods are acceptable to pick a server.

Sample:
fallback
  ttl_mode
string
changed
Describe the outgoing TCP packet's IP Header TTL mode.
When proxy, sets the outgoing IP Header TTL value to 255/64 for ipv4/ipv6 respectively.
When preserve, sets the outgoing IP Header TTL value to be same as the incoming IP Header TTL value.
When decrement, sets the outgoing IP Header TTL value to be one less than the incoming TTL value.
When set, sets the outgoing IP Header TTL value to a specific value(as specified by ttl_v4 or ttl_v6.

Sample:
preserve
  ttl_v4
integer
changed
Specify the outgoing packet's IP Header TTL value for IPv4 traffic.
Maximum value that can be specified is 255.

Sample:
200
  ttl_v6
integer
changed
Specify the outgoing packet's IP Header TTL value for IPv6 traffic.
Maximum value that can be specified is 255.

Sample:
300
gateway_icmp_monitors
complex
When gateway-icmp-monitors is specified in gather_subset.
Gateway ICMP monitor related facts.

Sample:
hash/dictionary of values
  adaptive
boolean
Whether adaptive response time monitoring is enabled for this monitor.

  adaptive_divergence_type
string
Specifies whether the adaptive-divergence-value is relative or absolute.

Sample:
relative
  adaptive_divergence_value
integer
Specifies how far from mean latency each monitor probe is allowed to be.

Sample:
25
  adaptive_limit
integer
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.

Sample:
200
  adaptive_sampling_timespan
integer
Specifies the size of the sliding window, in seconds, which records probe history.

Sample:
300
  description
string
changed
Description of the resource.

Sample:
My monitor
  destination
string
Specifies the IP address and service port of the resource that is the destination of this monitor.

Sample:
*:*
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/gateway_icmp
  interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.

Sample:
5
  manual_resume
boolean
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
gateway_icmp
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
gateway_icmp
  time_until_up
integer
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.

  timeout
integer
Specifies the number of seconds the target has in which to respond to the monitor request.

Sample:
16
  transparent
boolean
Specifies whether the monitor operates in transparent mode.

  up_interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.

gtm_pools
complex
When any of gtm-pools or gtm-*-pools is specified in gather_subset.
GTM pool related facts.
Every "type" of pool has the exact same list of possible facts. Therefore, the list of facts here is presented once instead of 6 times.

Sample:
hash/dictionary of values
  alternate_mode
string
The load balancing mode that the system uses to load balance name resolution requests among the members of the pool.

Sample:
drop-packet
  disabled
boolean
Is the pool disabled

  dynamic_ratio
boolean
Whether or not the dynamic ratio load balancing algorithm is enabled for this pool.

Sample:
True
  enabled
boolean
Is the pool enabled.

  fallback_mode
string
Specifies the load balancing mode that the system uses to load balance name resolution amongst the pool members if the preferred and alternate modes are unsuccessful in picking a pool.

  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/pool1
  load_balancing_mode
string
Specifies the preferred load balancing mode that the system uses to load balance requests across pool members.

  manual_resume
boolean
Whether manual resume is enabled for this pool

  max_answers_returned
integer
Maximum number of available virtual servers that the system lists in a response.

  members
complex
Lists of members (and their configurations) in the pool.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
pool1
  partition
-
Partition the pool exists on.

  qos_hit_ratio
integer
Weight of the Hit Ratio performance factor for the QoS dynamic load balancing method

  qos_hops
integer
Weight of the Hops performance factor when load balancing mode or fallback mode is QoS.

  qos_kilobytes_second
integer
Weight assigned to Kilobytes per Second performance factor when load balancing option is QoS.

  qos_lcs
integer
Weight assign to the Link Capacity performance factor when load balacing option is QoS.

  qos_packet_rate
integer
Weight assign to the Packet Rate performance factor when load balacing option is QoS.

  qos_rtt
integer
Weight assign to the Round Trip Time performance factor when load balacing option is QoS.

  qos_topology
integer
Weight assign to the Topology performance factor when load balacing option is QoS.

  qos_vs_capacity
integer
Weight assign to the Virtual Server performance factor when load balacing option is QoS.

  qos_vs_score
integer
Weight assign to the Virtual Server Score performance factor when load balacing option is QoS.

  ttl
integer
Number of seconds that the IP address, once found, is valid.

  verify_member_availability
boolean
Whether or not the system verifies the availability of the members before sending a connection to them.

gtm_servers
complex
When gtm-servers is specified in gather_subset.
GTM server related facts.

Sample:
hash/dictionary of values
  addresses
complex
Specifies the server IP addresses for the server.

  datacenter
string
Full name of the datacenter this server belongs to.

  devices
complex.
Specifies the names of the devies that represent this server.

  disabled
boolean
Whether the server is disabled.

  enabled
boolean
Whether the server is enabled.

  expose_route_domains
boolean
Allow the GTM server to auto-discover the LTM virtual servers from all route domains.

  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/server1
  iq_allow_path
boolean
Whether the GTM uses this BIG-IP system to conduct a path probe before delegating traffic to it.

  iq_allow_service_check
boolean
Whether the GTM uses this BIG-IP system to conduct a service check probe before delegating traffic to it.

  iq_allow_snmp
boolean
Whether the GTM uses this BIG-IP system to conduct an SNMP probe before delegating traffic to it.

  limit_cpu_usage
-
For a server configured as a generic host, specifies the percent of CPU usage, otherwise has no effect.

  limit_cpu_usage_status
boolean
Whether limit_cpu_usage is enabled for this server.

  limit_max_bps
-
Maximum allowable data throughput rate in bits per second for this server.

  limit_max_bps_status
boolean
Whether limit_max_bps is enabled for this server.

  limit_max_connections
-
Maximum number of concurrent connections, combind, for this server.

  limit_max_connections_status
boolean
Whether limit_max_connections is enabled for this server.

  limit_max_pps
-
Maximum allowable data transfer rate, in packets per second, for this server.

  limit_max_pps_status
boolean
Whether limit_max_pps is enabled for this server.

  limit_mem_available
-
For a server configured as a generic host, specifies the available memory required by the virtual servers on the server.
If available memory falls below this limit, the system marks the server as unavailable.

  limit_mem_available_status
boolean
Whether limit_mem_available is enabled for this server.

  link_discovery
string
Specifies whether the system auto-discovers the links for this server.

  monitor_type
string
changed
Whether one or monitors need to pass, or all monitors need to pass.

Sample:
and_list
  monitors
list
changed
Specifies health monitors that the system uses to determine whether this server is available for load balancing.

Sample:
['/Common/https_443', '/Common/icmp']
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
server1
  prober_fallback
-
The type of prober to use to monitor this servers resources when the preferred type is not available.

  prober_preference
-
Specifies the type of prober to use to monitor this servers resources.

  product
-
Specifies the server type.

  virtual_server_discovery
string
Whether the system auto-discovers the virtual servers for this server.

  virtual_servers
complex
Virtual servers that are resources for this server.

gtm_wide_ips
complex
When any of gtm-wide-ips or gtm-*-wide-ips is specified in gather_subset.
GTM Wide IP related facts.
Every "type" of wide-ip has the exact same list of possible facts. Therefore, the list of facts here is presented once instead of 6 times.

Sample:
hash/dictionary of values
  description
-
Description of the wide ip.

  disabled
boolean
Whether the Wide IP is disabled.

  enabled
boolean
Whether the Wide IP is enabled.

  failure_rcode
-
Specifies the DNS RCODE used when failure_rcode_response is yes.

  failure_rcode_response
boolean
When yes, specifies that the system returns a RCODE response to Wide IP requests after exhausting all load-balancing methods.

  failure_rcode_ttl
-
Specifies the negative caching TTL of the SOA for the RCODE response.

  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/wide1
  last_resort_pool
-
Specifies which pool, as listed in Pool List, for the system to use as the last resort pool for the wide IP.

  minimal_response
-
Specifies that the system forms the smallest allowable DNS response to a query.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
wide1
  persist_cidr_ipv4
-
Specifies the number of bits the system uses to identify IPv4 addresses when persistence is enabled.

  persist_cidr_ipv6
-
Specifies the number of bits the system uses to identify IPv6 addresses when persistence is enabled.

  pool_lb_mode
-
Specifies the load balancing method used to select a pool in this wide IP.

  pools
complex
Specifies the pools that this wide IP uses for load balancing.

  ttl_persistence
-
Specifies, in seconds, the length of time for which the persistence entry is valid.

http_monitors
complex
When http-monitors is specified in gather_subset.
HTTP monitor related facts.

Sample:
hash/dictionary of values
  adaptive
boolean
Whether adaptive response time monitoring is enabled for this monitor.

  adaptive_divergence_type
string
Specifies whether the adaptive-divergence-value is relative or absolute.

Sample:
relative
  adaptive_divergence_value
integer
Specifies how far from mean latency each monitor probe is allowed to be.

Sample:
25
  adaptive_limit
integer
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.

Sample:
200
  adaptive_sampling_timespan
integer
Specifies the size of the sliding window, in seconds, which records probe history.

Sample:
300
  description
string
changed
Description of the resource.

Sample:
My monitor
  destination
string
Specifies the IP address and service port of the resource that is the destination of this monitor.

Sample:
*:*
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/http
  interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.

Sample:
5
  ip_dscp
integer
Specifies the differentiated services code point (DSCP).

  manual_resume
boolean
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
http
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
http
  receive_disable_string
string
Specifies a text string that the monitor looks for in the returned resource. If the text string is matched in the returned resource, the corresponding node or pool member is marked session disabled.

Sample:
check disable string
  receive_string
string
Specifies the text string that the monitor looks for in the returned resource.

Sample:
check string
  reverse
boolean
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful check marks the monitored object down instead of up.

  send_string
string
Specifies the text string that the monitor sends to the target object.

Sample:
GET /\r\n
  time_until_up
integer
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.

  timeout
integer
Specifies the number of seconds the target has in which to respond to the monitor request.

Sample:
16
  transparent
boolean
Specifies whether the monitor operates in transparent mode.

  up_interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.

  username
string
Specifies the username, if the monitored target requires authentication.

Sample:
user1
http_profiles
complex
When http-profiles is specified in gather_subset.
HTTP profile related facts.

Sample:
hash/dictionary of values
  accept_xff
boolean
changed
Enables or disables trusting the client IP address, and statistics from the client IP address, based on the request's X-Forwarded-For (XFF) headers, if they exist.

Sample:
True
  allow_truncated_redirects
boolean
changed
Specifies the pass-through behavior when a redirect lacking the trailing carriage-return and line feed pair at the end of the headers is parsed.
When no, will silently drop the invalid HTTP.

  default_connect_handling
string
changed
Specifies the behavior of the proxy service when handling outbound requests.

Sample:
deny
  description
string
changed
Description of the resource.

Sample:
My profile
  excess_client_headers
string
changed
Specifies the pass-through behavior when max_header_count value is exceeded by the client.
When reject, rejects the connection.

Sample:
reject
  excess_server_headers
string
changed
Specifies the pass-through behavior when max_header_count value is exceeded by the server.
When reject, rejects the connection.

Sample:
reject
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/http
  hsts_enabled
boolean
changed
When yes, enables the HTTP Strict Transport Security settings.

Sample:
True
  hsts_include_subdomains
boolean
changed
When yes, applies the HSTS policy to the HSTS host and its subdomains.

Sample:
True
  insert_x_forwarded_for
boolean
changed
When yes, specifies that the system inserts an X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling.

  known_methods
list
changed
Optimizes the behavior of a known HTTP method in the list.
The default methods include the following HTTP/1.1 methods. CONNECT, DELETE, GET, HEAD, LOCK, OPTIONS, POST, PROPFIND, PUT, TRACE, UNLOCK.
If a known method is deleted from the known_methods list, the BIG-IP system applies the unknown_method setting to manage that traffic.

Sample:
['CONNECT', 'DELETE', '...']
  lws_max_columns
integer
changed
Specifies the maximum column width for any given line, when inserting an HTTP header in an HTTP request.

Sample:
80
  max_header_count
integer
changed
Specifies the maximum number of headers the system supports.

Sample:
64
  max_header_size
integer
changed
Specifies the maximum size in bytes the system allows for all HTTP request headers combined, including the request line.

Sample:
32768
  max_requests
integer
changed
Specifies the number of requests that the system accepts on a per-connection basis.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
http
  onconnect_transformations
boolean
changed
When yes, specifies, that the system performs HTTP header transformations for the purpose of keeping connections open.

Sample:
True
  oversize_client_headers
string
changed
Specifies the pass-through behavior when the max_header_size value is exceeded by the client.

Sample:
reject
  oversize_server_headers
string
changed
Specifies the pass-through behavior when the max_header_size value is exceeded by the server.

Sample:
reject
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
http
  pipeline_action
string
changed
Enables or disables HTTP/1.1 pipelining.

Sample:
allow
  proxy_mode
string
changed
Specifies the proxy mode for this profile. Either reverse, explicit, or transparent.

Sample:
reverse
  redirect_rewrite
string
changed
Specifies whether the system rewrites the URIs that are part of HTTP redirect (3XX) responses

Sample:
none
  request_chunking
string
changed
Specifies how the system handles HTTP content that is chunked by a client.

Sample:
preserve
  response_chunking
string
changed
Specifies how the system handles HTTP content that is chunked by a server.

Sample:
selective
  server_agent_name
string
changed
Specifies the string used as the server name in traffic generated by LTM.

Sample:
BigIP
  sflow_poll_interval
integer
changed
The maximum interval in seconds between two pollings.

  sflow_sampling_rate
integer
changed
Specifies the ratio of packets observed to the samples generated.

  unknown_method
string
changed
Specifies the behavior (allow, reject, or pass through) when an unknown HTTP method is parsed.

Sample:
allow
  via_request
string
changed
Specifies whether to Remove, Preserve, or Append Via headers included in a client request to an origin web server.

Sample:
preserve
  via_response
string
changed
Specifies whether to Remove, Preserve, or Append Via headers included in an origin web server response to a client.

Sample:
preserve
https_monitors
complex
When https-monitors is specified in gather_subset.
HTTPS monitor related facts.

Sample:
hash/dictionary of values
  adaptive
boolean
Whether adaptive response time monitoring is enabled for this monitor.

  adaptive_divergence_type
string
Specifies whether the adaptive-divergence-value is relative or absolute.

Sample:
relative
  adaptive_divergence_value
integer
Specifies how far from mean latency each monitor probe is allowed to be.

Sample:
25
  adaptive_limit
integer
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.

Sample:
200
  adaptive_sampling_timespan
integer
Specifies the size of the sliding window, in seconds, which records probe history.

Sample:
300
  description
string
changed
Description of the resource.

Sample:
My monitor
  destination
string
Specifies the IP address and service port of the resource that is the destination of this monitor.

Sample:
*:*
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/http
  interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.

Sample:
5
  ip_dscp
integer
Specifies the differentiated services code point (DSCP).

  manual_resume
boolean
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
http
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
http
  receive_disable_string
string
Specifies a text string that the monitor looks for in the returned resource. If the text string is matched in the returned resource, the corresponding node or pool member is marked session disabled.

Sample:
check disable string
  receive_string
string
Specifies the text string that the monitor looks for in the returned resource.

Sample:
check string
  reverse
boolean
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful check marks the monitored object down instead of up.

  send_string
string
Specifies the text string that the monitor sends to the target object.

Sample:
GET /\r\n
  ssl_profile
string
Specifies the SSL profile to use for the HTTPS monitor.

Sample:
/Common/serverssl
  time_until_up
integer
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.

  timeout
integer
Specifies the number of seconds the target has in which to respond to the monitor request.

Sample:
16
  transparent
boolean
Specifies whether the monitor operates in transparent mode.

  up_interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.

  username
string
Specifies the username, if the monitored target requires authentication.

Sample:
user1
iapp_services
complex
When iapp-services is specified in gather_subset.
iApp v1 service related facts.

Sample:
hash/dictionary of values
  description
string
changed
Description of the service

Sample:
My service
  device_group
string
changed
The device group the iApp service is part of.

Sample:
/Common/dg1
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/service1
  inherited_device_group
boolean
changed
Whether the device group is inherited or not.

Sample:
True
  inherited_traffic_group
boolean
changed
Whether the traffic group is inherited or not.

Sample:
True
  lists
complex
changed
List of the lists data used to create the service.

Sample:
[{'name': 'irules__irules'}, {'value': []}, '...']
  metadata
complex
changed
List of the metadata data used to create the service..

Sample:
[{'name': 'var1'}, {'persist': 'true'}, '...']
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
service1
  strict_updates
boolean
changed
Whether strict updates are enabled or not.

Sample:
True
  tables
complex
changed
List of the tabular data used to create the service.

Sample:
[{'name': 'basic__snatpool_members'}, '...']
  template_modified
boolean
changed
Whether template that the service is based on is modified from its default value, or not.

Sample:
True
  traffic_group
string
changed
Traffic group the service is a part of.

Sample:
/Common/tg
  variables
complex
changed
List of the variable data used to create the service.

Sample:
[{'name': 'afm__policy'}, {'encrypted': 'no'}, {'value': '/#no_not_use#'}, '...']
icmp_monitors
complex
When icmp-monitors is specified in gather_subset.
ICMP monitor related facts.

Sample:
hash/dictionary of values
  adaptive
boolean
Whether adaptive response time monitoring is enabled for this monitor.

  adaptive_divergence_type
string
Specifies whether the adaptive-divergence-value is relative or absolute.

Sample:
relative
  adaptive_divergence_value
integer
Specifies how far from mean latency each monitor probe is allowed to be.

Sample:
25
  adaptive_limit
integer
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.

Sample:
200
  adaptive_sampling_timespan
integer
Specifies the size of the sliding window, in seconds, which records probe history.

Sample:
300
  description
string
changed
Description of the resource.

Sample:
My monitor
  destination
string
Specifies the IP address and service port of the resource that is the destination of this monitor.

Sample:
*:*
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/icmp
  interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.

Sample:
5
  manual_resume
boolean
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
icmp
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
icmp
  time_until_up
integer
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.

  timeout
integer
Specifies the number of seconds the target has in which to respond to the monitor request.

Sample:
16
  transparent
boolean
Specifies whether the monitor operates in transparent mode.

  up_interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.

interfaces
complex
When interfaces is specified in gather_subset.
Interface related facts.

Sample:
hash/dictionary of values
  active_media_type
string
changed
Displays the current media setting for the interface.

Sample:
100TX-FD
  bundle
string
changed
The bundle capability on the port.

Sample:
not-supported
  bundle_speed
string
changed
The bundle-speed on the port when bundle capability is enabled.

Sample:
100G
  description
string
changed
Description of the interface

Sample:
My interface
  enabled
boolean
changed
Whether the interface is enabled or not

Sample:
True
  flow_control
string
changed
Specifies how the system controls the sending of PAUSE frames for flow control.

Sample:
tx-rx
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/irul1
  if_index
integer
changed
The index assigned to this interface.

Sample:
32
  lldp_admin
string
changed
Sets the sending or receiving of LLDP packets on that interface. Should be one of disable, txonly, rxonly or txrx.

Sample:
txonly
  mac_address
string
changed
Displays the 6-byte ethernet address in non-case-sensitive hexadecimal colon notation.

Sample:
00:0b:09:88:00:9a
  media_sfp
string
changed
The settings for an SFP (pluggable) interface.

Sample:
auto
  mtu
integer
changed
Displays the Maximum Transmission Unit (MTU) of the interface, which is the maximum number of bytes in a frame without IP fragmentation.

Sample:
1500
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
irule1
  prefer_port
string
changed
Indicates which side of a combo port the interface uses, if both sides of the port have the potential for external links.

Sample:
sfp
  sflow_poll_interval
integer
changed
Specifies the maximum interval in seconds between two pollings.

  sflow_poll_interval_global
boolean
changed
Specifies whether the global interface poll-interval setting overrides the object-level poll-interval setting.

Sample:
True
  stp_auto_edge_port
boolean
changed
STP edge port detection.

Sample:
True
  stp_enabled
boolean
changed
Whether STP is enabled or not.

  stp_link_type
string
changed
Specifies the STP link type for the interface.

Sample:
auto
irules
complex
When irules is specified in gather_subset.
iRule related facts.

Sample:
hash/dictionary of values
  checksum
string
changed
Checksum of the iRule as calculated by BIG-IP.

Sample:
d41d8cd98f00b204e9800998ecf8427e
  definition
string
changed
The actual definition of the iRule.

Sample:
when HTTP_REQUEST ...
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/irul1
  ignore_verification
boolean
changed
Whether the verification of the iRule should be ignored or not.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
irule1
  signature
string
changed
The calculated signature of the iRule.

Sample:
WsYy2M6xMqvosIKIEH/FSsvhtWMe6xKOA6i7f...
ltm_pools
complex
When ltm-pools is specified in gather_subset.
List of LTM (Local Traffic Manager) pools.

Sample:
hash/dictionary of values
  active_member_count
integer
changed
The number of active pool members in the pool.

Sample:
3
  all_avg_queue_entry_age
integer
changed
Average queue entry age, for both the pool and its members.

Sample:
5
  all_max_queue_entry_age_ever
integer
changed
Maximum queue entry age ever, for both the pool and its members.

Sample:
2
  all_max_queue_entry_age_recently
integer
changed
Maximum queue entry age recently, for both the pool and its members.

Sample:
5
  all_num_connections_queued_now
integer
changed
Number of connections queued now, for both the pool and its members.

Sample:
20
  all_num_connections_serviced
integer
changed
Number of connections serviced, for both the pool and its members.

Sample:
15
  all_queue_head_entry_age
integer
changed
Queue head entry age, for both the pool and its members.

Sample:
4
  allow_nat
boolean
changed
Whether NATs are automatically enabled or disabled for any connections using this pool.

Sample:
True
  allow_snat
boolean
changed
Whether SNATs are automatically enabled or disabled for any connections using this pool.

Sample:
True
  availability_status
string
changed
The availability of the pool.

Sample:
offline
  available_member_count
integer
changed
The number of available pool members in the pool.

Sample:
4
  client_ip_tos
string
changed
Whether the system sets a Type of Service (ToS) level within a packet sent to the client, based on the targeted pool.
Values can range from 0 to 255, or be set to pass-through or mimic.

Sample:
pass-through
  client_link_qos
string
changed
Whether the system sets a Quality of Service (QoS) level within a packet sent to the client, based on the targeted pool.
Values can range from 0 to 7, or be set to pass-through.

Sample:
pass-through
  current_sessions
integer
changed
Sample:
2
  description
string
changed
Description of the pool.

Sample:
my pool
  enabled_status
string
changed
The enabled-ness of the pool.

Sample:
enabled
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/pool1
  ignore_persisted_weight
boolean
changed
Do not count the weight of persisted connections on pool members when making load balancing decisions.

  lb_method
string
changed
Load balancing method used by the pool.

Sample:
round-robin
  member_count
integer
changed
Total number of members in the pool.

Sample:
50
  members
complex
when members exist in the pool.
List of LTM (Local Traffic Manager) pools.

    address
string
changed
IP address of the pool member.

Sample:
1.1.1.1
    connection_limit
integer
changed
The maximum number of concurrent connections allowed for a pool member.

    description
string
changed
The description of the pool member.

Sample:
pool member 1
    dynamic_ratio
integer
changed
A range of numbers that you want the system to use in conjunction with the ratio load balancing method.

Sample:
1
    encapsulation_profile
string
changed
The encapsulation profile to use for the pool member.

Sample:
ip4ip4
    ephemeral
boolean
changed
Whether the node backing the pool member is ephemeral or not.

Sample:
True
    fqdn_autopopulate
boolean
changed
Whether the node should scale to the IP address set returned by DNS.

Sample:
True
    full_path
string
changed
Full name of the resource as known to BIG-IP.
Includes the port in the name

Sample:
/Common/member:80
    inherit_profile
boolean
changed
Whether the pool member inherits the encapsulation profile from the parent pool.

    logging
boolean
changed
Whether the monitor applied should log its actions.

    monitors
list
changed
Monitors active on the pool member. Monitor names are in their "full_path" form.

Sample:
['/Common/http']
    name
string
changed
Relative name of the resource in BIG-IP.

Sample:
member:80
    partition
string
changed
Partition that the member exists on.

Sample:
Common
    priority_group
integer
changed
The priority group within the pool for this pool member.

    rate_limit
boolean
changed
The maximum number of connections per second allowed for a pool member.

    ratio
integer
changed
The weight of the pool for load balancing purposes.

Sample:
1
    session
string
changed
Enables or disables the pool member for new sessions.

Sample:
monitor-enabled
    state
string
changed
Controls the state of the pool member, overriding any monitors.

Sample:
down
  metadata
complex
changed
Dictionary of arbitrary key/value pairs set on the pool.

Sample:
hash/dictionary of values
  minimum_active_members
integer
changed
Whether the system load balances traffic according to the priority number assigned to the pool member.
This parameter is identical to priority_group_activation and is just an alias for it.

Sample:
2
  minimum_up_members
integer
changed
The minimum number of pool members that must be up.

Sample:
1
  minimum_up_members_action
string
changed
The action to take if the minimum_up_members_checking is enabled and the number of active pool members falls below the number specified in minimum_up_members.

Sample:
failover
  minimum_up_members_checking
boolean
changed
Enables or disables the minimum_up_members feature.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
pool1
  pool_avg_queue_entry_age
integer
changed
Average queue entry age, for the pool only.

Sample:
5
  pool_max_queue_entry_age_ever
integer
changed
Maximum queue entry age ever, for the pool only.

Sample:
2
  pool_max_queue_entry_age_recently
integer
changed
Maximum queue entry age recently, for the pool only.

Sample:
5
  pool_num_connections_queued_now
integer
changed
Number of connections queued now, for the pool only.

Sample:
20
  pool_num_connections_serviced
integer
changed
Number of connections serviced, for the pool only.

Sample:
15
  pool_queue_head_entry_age
integer
changed
Queue head entry age, for the pool only.

Sample:
4
  priority_group_activation
integer
changed
Whether the system load balances traffic according to the priority number assigned to the pool member.
This parameter is identical to minimum_active_members and is just an alias for it.

Sample:
2
  queue_depth_limit
integer
changed
The maximum number of connections that may simultaneously be queued to go to any member of this pool.

Sample:
3
  queue_on_connection_limit
boolean
changed
Enable or disable queuing connections when pool member or node connection limits are reached.

Sample:
True
  queue_time_limit
integer
changed
Specifies the maximum time, in milliseconds, a connection will remain enqueued.

  real_session
string
changed
The actual REST API value for the session attribute.
This is different from the state return value, insofar as the return value can be considered a generalization of all available sessions, instead of the specific value of the session.

Sample:
monitor-enabled
  real_state
string
changed
The actual REST API value for the state attribute.
This is different from the state return value, insofar as the return value can be considered a generalization of all available states, instead of the specific value of the state.

Sample:
up
  reselect_tries
integer
changed
The number of times the system tries to contact a pool member after a passive failure.

  server_ip_tos
string
changed
The Type of Service (ToS) level to use when sending packets to a server.

Sample:
pass-through
  server_link_qos
string
changed
The Quality of Service (QoS) level to use when sending packets to a server.

Sample:
pass-through
  server_side_bits_in
integer
changed
Number of server-side ingress bits.

Sample:
1000
  server_side_bits_out
integer
changed
Number of server-side egress bits.

Sample:
200
  server_side_current_connections
integer
changed
Number of current connections server-side.

Sample:
300
  server_side_max_connections
integer
changed
Maximum number of connections server-side.

Sample:
40
  server_side_pkts_in
integer
changed
Number of server-side ingress packets.

Sample:
1098384
  server_side_pkts_out
integer
changed
Number of server-side egress packets.

Sample:
3484734
  server_side_total_connections
integer
changed
Total number of connections.

Sample:
24
  service_down_action
string
changed
The action to take if the service specified in the pool is marked down.

Sample:
none
  slow_ramp_time
integer
changed
The ramp time for the pool.
This provides the ability to cause a pool member that has just been enabled, or marked up, to receive proportionally less traffic than other members in the pool.

Sample:
10
  status_reason
string
changed
If there is a problem with the status of the pool, that problem is reported here.

Sample:
The children pool member(s) are down.
  total_requests
integer
changed
Total requests.

Sample:
8
nodes
complex
When nodes is specified in gather_subset.
Node related facts.

Sample:
hash/dictionary of values
  address
string
changed
IP address of the node.

Sample:
2.3.4.5
  availability_status
string
changed
The availability of the node.

Sample:
offline
  connection_limit
integer
changed
Maximum number of connections that node can handle.

Sample:
100
  description
string
changed
Description of the node.

Sample:
My node
  dynamic_ratio
integer
changed
Dynamic ratio number for the node used when doing Dynamic Ratio load balancing.

Sample:
200
  enabled_status
string
changed
The enabled-ness of the node.

Sample:
enabled
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/5.6.7.8
  monitor_rule
string
changed
A string representation of the full monitor rule.

Sample:
/Common/https_443 and /Common/icmp
  monitor_status
string
changed
Status of the node as reported by the monitor(s) associated with it.
This value is also used in determining node state.

Sample:
down
  monitor_type
string
changed
The monitor_type field related to the bigip_node module, for this nodes monitors.

Sample:
and_list
  monitors
list
changed
A list of the monitors identified in the monitor_rule.

Sample:
['/Common/https_443', '/Common/icmp']
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
5.6.7.8
  rate_limit
integer
changed
Maximum number of connections per second allowed for node.

Sample:
1000
  ratio
integer
changed
Fixed size ratio used for node during Ratio load balancing.

Sample:
10
  session_status
string
changed
This value is also used in determining node state.

Sample:
enabled
  status_reason
string
changed
If there is a problem with the status of the node, that problem is reported here.

Sample:
/Common/https_443 No successful responses received...
oneconnect_profiles
complex
When oneconnect-profiles is specified in gather_subset.
OneConnect profile related facts.

Sample:
hash/dictionary of values
  description
string
changed
Description of the resource.

Sample:
My profile
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/oneconnect
  idle_timeout_override
integer
changed
Specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion.

Sample:
1000
  limit_type
string
changed
When none, simultaneous in-flight requests and responses over TCP connections to a pool member are counted toward the limit.
When idle, idle connections will be dropped as the TCP connection limit is reached.
When strict, the TCP connection limit is honored with no exceptions. This means that idle connections will prevent new TCP connections from being made until they expire, even if they could otherwise be reused.

Sample:
idle
  max_age
integer
changed
Specifies the maximum age, in number of seconds, of a connection in the connection reuse pool.

Sample:
100
  max_reuse
integer
changed
Specifies the maximum number of times that a server connection can be reused.

Sample:
1000
  max_size
integer
changed
Specifies the maximum number of connections that the system holds in the connection reuse pool.
If the pool is already full, then the server connection closes after the response is completed.

Sample:
1000
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
oneconnect
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
oneconnect
  share_pools
boolean
changed
Indicates that connections may be shared not only within a virtual server, but also among similar virtual servers.

Sample:
True
  source_mask
string
changed
Specifies a source IP mask.
If no mask is provided, the value any6 is used.

Sample:
255.255.255.0
partitions
complex
When partitions is specified in gather_subset.
Partition related information.

Sample:
hash/dictionary of values
  default_route_domain
integer
changed
ID of the route domain that is associated with the IP addresses that reside in the partition.

  description
string
changed
Description of the partition.

Sample:
Tenant 1
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
Common
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
Common
provision_info
complex
When provision-info is specified in gather_subset.
Module provisioning related information.

Sample:
hash/dictionary of values
  cpu_ratio
integer
changed
Ratio of CPU allocated to this module.
Only relevant if level was specified as custom. Otherwise, this value will be reported as 0.

  disk_ratio
integer
changed
Ratio of disk allocated to this module.
Only relevant if level was specified as custom. Otherwise, this value will be reported as 0.

  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
asm
  level
integer
changed
Provisioned level of the module on BIG-IP.
Valid return values can include none, minimum, nominal, dedicated and custom.

  memory_ratio
integer
changed
Ratio of memory allocated to this module.
Only relevant if level was specified as custom. Otherwise, this value will be reported as 0.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
asm
self_ips
complex
When self-ips is specified in gather_subset.
Self-IP related facts.

Sample:
hash/dictionary of values
  allow_access_list
list
changed
List of protocols and optionally their ports that are allowed to access the Self-IP. Also known as port-lockdown in the web interface.
Items in the list are in the format of "protocol:port". Some items may not have a port associated with them and in those cases the port is 0.

Sample:
['tcp:80', 'egp:0']
  description
string
changed
Description of the Self-IP.

Sample:
My self-ip
  floating
boolean
changed
Whether the Self-IP is a floating address or not.

Sample:
True
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/self1
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
self1
  netmask
string
changed
Netmask portion of the IP address. In dotted notation.

Sample:
255.255.255.0
  netmask_cidr
integer
changed
Netmask portion of the IP address. In CIDR notation.

Sample:
24
  service_policy
string
changed
Service policy assigned to the Self-IP.

Sample:
/Common/service1
  traffic_group
string
changed
Traffic group the Self-IP is associated with.

Sample:
/Common/traffic-group-local-only
  traffic_group_inherited
boolean
changed
Whether or not the traffic group is inherited.

  vlan
string
changed
VLAN associated with the Self-IP.

Sample:
/Common/vlan1
server_ssl_profiles
complex
When server-ssl-profiles is specified in gather_subset.
Server SSL related facts.

Sample:
hash/dictionary of values
  alert_timeout
string
changed
Maximum time period in seconds to keep the SSL session active after alert message is sent, or indefinite.

Sample:
100
  allow_expired_crl
boolean
changed
Use the specified CRL file even if it has expired.

Sample:
True
  authenticate_depth
integer
changed
The client certificate chain maximum traversal depth

Sample:
9
  authenticate_name
string
changed
Common Name (CN) that is embedded in a server certificate.
The system authenticates a server based on the specified CN.

Sample:
foo
  authentication_frequency
string
changed
Specifies the frequency of authentication.

Sample:
once
  bypass_on_client_cert_fail
boolean
Enables or disables SSL forward proxy bypass on failing to get client certificate that server asks for.

Sample:
True
  bypass_on_handshake_alert
boolean
Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake.

  c3d_ca_cert
string
Name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled.

Sample:
/Common/cacert.crt
  c3d_ca_key
string
Name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled.

Sample:
/Common/default.key
  c3d_cert_extension_includes
list
Extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

Sample:
['basic-constraints', 'extended-key-usage', '...']
  c3d_cert_lifespan
integer
Lifespan of the certificate generated using the SSL client certificate constrained delegation.

Sample:
24
  ca_file
string
Certificate authority file name.

Sample:
default.crt
  cache_size
integer
The SSL session cache size.

Sample:
262144
  cache_timeout
integer
The SSL session cache timeout value, which is the usable lifetime seconds of negotiated SSL session IDs.

Sample:
86400
  cert
string
The name of the certificate installed on the traffic management system for the purpose of terminating or initiating an SSL connection.

Sample:
/Common/default.crt
  chain
string
Specifies or builds a certificate chain file that a client can use to authenticate the profile.

Sample:
/Common/default.crt
  cipher_group
string
Specifies a cipher group.

  ciphers
string
Specifies a cipher name

Sample:
DEFAULT
  crl_file
string
Specifies the certificate revocation list file name.

  description
string
changed
Description of the resource.

Sample:
My profile
  expire_cert_response_control
string
Specifies the BIGIP action when the server certificate has expired.

Sample:
drop
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
serverssl
  generic_alert
boolean
Enables or disables generic-alert.

Sample:
True
  handshake_timeout
string
Specifies the handshake timeout in seconds.

Sample:
10
  key
string
Specifies the key file name. Specifies the name of the key installed on the traffic management system for the purpose of terminating or initiating an SSL connection.

Sample:
/Common/default.key
  max_active_handshakes
string
Specifies the maximum number allowed SSL active handshakes.

Sample:
100
  mod_ssl_methods
boolean
Enables or disables ModSSL methods.

Sample:
True
  mode
boolean
Enables or disables SSL processing.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
serverssl
  ocsp
string
Specifies the name of ocsp profile for purpose of validating status of server certificate.

  options
list
Enables options, including some industry-related workarounds.

Sample:
['netscape-reuse-cipher-change-bug', 'dont-insert-empty-fragments']
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
serverssl
  peer_cert_mode
string
Specifies the peer certificate mode.

Sample:
ignore
  proxy_ssl
boolean
Allows further modification of application traffic within an SSL tunnel while still allowing the server to perform necessary authorization, authentication, auditing steps.

Sample:
True
  proxy_ssl_passthrough
boolean
Allows Proxy SSL to passthrough the traffic when ciphersuite negotiated between the client and server is not supported.

Sample:
True
  renegotiate_period
string
Number of seconds from the initial connect time after which the system renegotiates an SSL session.

Sample:
indefinite
  renegotiate_size
string
Specifies a throughput size, in megabytes, of SSL renegotiation.

Sample:
indefinite
  renegotiation
boolean
Whether renegotiations are enabled.

Sample:
True
  retain_certificate
boolean
APM module requires storing certificate in SSL session. When no, certificate will not be stored in SSL session.

  secure_renegotiation
string
Specifies the secure renegotiation mode.

Sample:
require
  server_name
string
Server name to be included in SNI (server name indication) extension during SSL handshake in ClientHello.

  session_mirroring
boolean
Enables or disables the mirroring of sessions to high availability peer.

Sample:
True
  session_ticket
boolean
Enables or disables session-ticket.

  sni_default
boolean
When yes, this profile is the default SSL profile when the server name in a client connection does not match any configured server names, or a client connection does not specify any server name at all.

Sample:
True
  sni_require
boolean
When yes, connections to a server that does not support SNI extension will be rejected.

  ssl_c3d
boolean
Enables or disables SSL Client certificate constrained delegation.

Sample:
True
  ssl_forward_proxy_bypass
boolean
Enables or disables ssl-forward-proxy-bypass feature.

Sample:
True
  ssl_forward_proxy_enabled
boolean
Enables or disables ssl-forward-proxy feature.

  ssl_sign_hash
string
Specifies SSL sign hash algorithm which is used to sign and verify SSL Server Key Exchange and Certificate Verify messages for the specified SSL profiles.

Sample:
sha1
  strict_resume
boolean
Enables or disables the resumption of SSL sessions after an unclean shutdown.

  unclean_shutdown
boolean
Specifies, when yes, that the SSL profile performs unclean shutdowns of all SSL connections, which means that underlying TCP connections are closed without exchanging the required SSL shutdown alerts.

Sample:
True
  untrusted_cert_response_control
string
Specifies the BIGIP action when the server certificate has untrusted CA.

Sample:
drop
software_hotfixes
complex
When software-hotfixes is specified in gather_subset.
List of software hotfixes.

Sample:
hash/dictionary of values
  build
string
changed
Build number of the image.
This is usually a sub-string of the name.

Sample:
3.0.1679
  checksum
string
changed
MD5 checksum of the image.
Note that this is the checksum that is stored inside the ISO. It is not the actual checksum of the ISO.

Sample:
df1ec715d2089d0fa54c0c4284656a98
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
Hotfix-BIGIP-13.0.0.3.0.1679-HF3.iso
  id
string
changed
ID component of the image.
This is usually a sub-string of the name.

Sample:
HF3
  name
string
changed
Name of the image.

Sample:
Hotfix-BIGIP-13.0.0.3.0.1679-HF3.iso
  product
string
changed
Product contained in the ISO.

Sample:
BIG-IP
  title
string
changed
Human friendly name of the image.

Sample:
Hotfix Version 3.0.1679
  verified
boolean
changed
Whether or not the system has verified this image.

Sample:
True
  version
string
changed
Version of software contained in the image.
This is a sub-string of the name.

Sample:
13.0.0
software_images
complex
When software-images is specified in gather_subset.
List of software images.

Sample:
hash/dictionary of values
  build
string
changed
Build number of the image.
This is usually a sub-string of the name.

Sample:
0.0.1
  build_date
string
changed
Date of the build.

Sample:
2018-05-05T15:26:30
  checksum
string
changed
MD5 checksum of the image.
Note that this is the checksum that is stored inside the ISO. It is not the actual checksum of the ISO.

Sample:
df1ec715d2089d0fa54c0c4284656a98
  file_size
integer
changed
Size, in megabytes, of the image.

Sample:
1938
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
BIGIP-13.1.0.7-0.0.1.iso
  last_modified
string
changed
Last modified date of the ISO.

Sample:
2018-05-05T15:26:30
  name
string
changed
Name of the image.

Sample:
BIGIP-13.1.0.7-0.0.1.iso
  product
string
changed
Product contained in the ISO.

Sample:
BIG-IP
  verified
boolean
changed
Whether or not the system has verified this image.

Sample:
True
  version
string
changed
Version of software contained in the image.
This is a sub-string of the name.

Sample:
13.1.0.7
software_volumes
complex
When software-volumes is specified in gather_subset.
List of software volumes.

Sample:
hash/dictionary of values
  active
boolean
changed
Whether the volume is currently active or not.
An active volume contains the currently running version of software.

Sample:
True
  base_build
string
changed
Base build version of the software installed in the volume.
When a hotfix is installed, this refers to the base version of software that the hotfix requires.

Sample:
0.0.6
  build
string
changed
Build version of the software installed in the volume.

Sample:
0.0.6
  default_boot_location
boolean
changed
Whether this volume is the default boot location or not.

Sample:
True
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
HD1.1
  name
string
changed
Relative name of the resource in BIG-IP.
This usually matches the full_name.

Sample:
HD1.1
  product
string
changed
The F5 product installed in this slot.
This should always be BIG-IP.

Sample:
BIG-IP
  status
string
changed
Status of the software installed, or being installed, in the volume.
When complete, indicates that the software has completed installing.

Sample:
complete
  version
string
changed
Version of software installed in the volume, excluding the build number.

Sample:
13.1.0.4
ssl_certs
complex
When ssl-certs is specified in gather_subset.
SSL certificate related facts.

Sample:
hash/dictionary of values
  create_time
string
changed
Specifies the time at which the file-object was created.

Sample:
2018-05-15T21:11:15Z
  expiration_date
string
changed
Specifies a string representation of the expiration date of the certificate.

Sample:
Aug 13 21:21:29 2031 GMT
  expiration_timestamp
integer
changed
Specifies the date at which this certificate expires. Stored as a POSIX time.

Sample:
1944422489
  fingerprint
string
changed
Displays the SHA-256 fingerprint of the certificate.

Sample:
SHA256/88:A3:05:...:59:01:EA:5D:B0
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/cert1
  is_bundle
boolean
changed
Specifies whether the certificate file is a bundle (that is, whether it contains more than one certificate).

  issuer
string
changed
Specifies X509 information of the certificate's issuer.

Sample:
[email protected],...CN=support.f5.com,
  key_size
integer
changed
Specifies the size (in bytes) of the file associated with this file object.

Sample:
2048
  key_type
string
changed
Specifies the type of cryptographic key associated with this certificate.

Sample:
rsa-private
  last_update_time
string
changed
Specifies the last time at which the file-object was updated/modified.

Sample:
2018-05-15T21:11:15Z
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
cert1
  sha1_checksum
string
changed
SHA1 checksum of the certificate.

Sample:
1306e84e1e6a2da53816cefe1f684b80d6be1e3e
  subject
string
changed
Specifies X509 information of the certificate's subject.

Sample:
  system_path
string
changed
Path on the BIG-IP where the cert can be found.

Sample:
/config/ssl/ssl.crt/f5-irule.crt
ssl_keys
complex
When ssl-certs is specified in gather_subset.
SSL certificate related facts.

Sample:
hash/dictionary of values
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/key1
  key_size
integer
changed
Specifies the size of the cryptographic key associated with this file object, in bits.

Sample:
2048
  key_type
string
changed
Specifies the cryptographic type of the key in question. That is, which algorithm this key is compatible with.

Sample:
rsa-private
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
key1
  security_type
string
changed
Specifies the type of security used to handle or store the key.

Sample:
normal
  sha1_checksum
string
changed
The SHA1 checksum of the key.

Sample:
1fcf7de3dd8e834d613099d8e10b2060cd9ecc9f
  system_path
string
changed
The path on the filesystem where the key is stored.

Sample:
/config/ssl/ssl.key/default.key
system_db
complex
When system-db is specified in gather_subset.
System DB related facts.

Sample:
hash/dictionary of values
  default
string
changed
Default value of the key.

Sample:
www.f5.com
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
vendor.wwwurl
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
vendor.wwwurl
  scf_config
string
changed
Whether the database key would be found in an SCF config or not.

  value
string
changed
The value of the key

Sample:
www.f5.com
  value_range
string
changed
The accepted range of values for the key

Sample:
string
system_info
complex
When traffic-groups is specified in gather_subset.
Traffic group related facts.

Sample:
hash/dictionary of values
  base_mac_address
string
changed
Media Access Control address (MAC address) of the device.

Sample:
fa:16:3e:c3:42:6f
  chassis_serial
string
Serial of the chassis

Sample:
11111111-2222-3333-444444444444
  hardware_information
complex
changed
Information related to the hardware (drives and CPUs) of the system.

    model
string
The model of the hardware.

Sample:
Virtual Disk
    name
string
The name of the hardware.

Sample:
HD1
    type
string
The type of hardware.

Sample:
physical-disk
    versions
complex
Hardware specific properties

      name
string
Name of the property

Sample:
Size
      version
string
Value of the property

Sample:
154.00G
  host_board_part_revision
string
Revision of the host board.

  host_board_serial
string
Serial of the host board.

  marketing_name
string
changed
Marketing name of the device platform.

Sample:
BIG-IP Virtual Edition
  package_edition
string
changed
Displays the software edition.

Sample:
Point Release 7
  package_version
string
A string combining the product_build and product_build_date.

Sample:
Build 0.0.1 - Tue May 15 15:26:30 PDT 2018
  platform
string
Platform identifier.

Sample:
Z100
  product_build
string
Build version of the release version.

Sample:
0.0.1
  product_build_date
string
Human readable build date.

Sample:
Tue May 15 15:26:30 PDT 2018
  product_built
integer
Unix timestamp of when the product was built.

Sample:
180515152630
  product_changelist
integer
Changelist that product branches from.

Sample:
2557198
  product_code
string
Code identifying the product.

Sample:
BIG-IP
  product_jobid
integer
ID of the job that built the product version.

Sample:
1012030
  product_version
string
Major product version of the running software.

Sample:
13.1.0.7
  switch_board_part_revision
string
Switch board revision.

  switch_board_serial
string
Serial of the switch board.

  time
complex
changed
Mapping of the current time information to specific time-named keys.

    day
integer
changed
The current day of the month, in numeric form.

Sample:
7
    hour
integer
changed
The current hour of the day in 24-hour form.

Sample:
18
    minute
integer
changed
The current minute of the hour.

Sample:
16
    month
integer
changed
The current month, in numeric form.

Sample:
6
    second
integer
changed
The current second of the minute.

Sample:
51
    year
integer
changed
The current year in 4-digit form.

Sample:
2018
  uptime
integer
Time, in seconds, since the system booted.

Sample:
603202
tcp_half_open_monitors
complex
When tcp-half-open-monitors is specified in gather_subset.
TCP Half-open monitor related facts.

Sample:
hash/dictionary of values
  description
string
changed
Description of the resource.

Sample:
My monitor
  destination
string
Specifies the IP address and service port of the resource that is the destination of this monitor.

Sample:
*:*
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/tcp
  interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.

Sample:
5
  manual_resume
boolean
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
tcp
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
tcp
  time_until_up
integer
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.

  timeout
integer
Specifies the number of seconds the target has in which to respond to the monitor request.

Sample:
16
  transparent
boolean
Specifies whether the monitor operates in transparent mode.

  up_interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.

tcp_monitors
complex
When tcp-monitors is specified in gather_subset.
TCP monitor related facts.

Sample:
hash/dictionary of values
  adaptive
boolean
Whether adaptive response time monitoring is enabled for this monitor.

  adaptive_divergence_type
string
Specifies whether the adaptive-divergence-value is relative or absolute.

Sample:
relative
  adaptive_divergence_value
integer
Specifies how far from mean latency each monitor probe is allowed to be.

Sample:
25
  adaptive_limit
integer
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.

Sample:
200
  adaptive_sampling_timespan
integer
Specifies the size of the sliding window, in seconds, which records probe history.

Sample:
300
  description
string
changed
Description of the resource.

Sample:
My monitor
  destination
string
Specifies the IP address and service port of the resource that is the destination of this monitor.

Sample:
*:*
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/tcp
  interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.

Sample:
5
  ip_dscp
integer
Specifies the differentiated services code point (DSCP).

  manual_resume
boolean
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
tcp
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
tcp
  reverse
boolean
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful check marks the monitored object down instead of up.

  time_until_up
integer
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.

  timeout
integer
Specifies the number of seconds the target has in which to respond to the monitor request.

Sample:
16
  transparent
boolean
Specifies whether the monitor operates in transparent mode.

  up_interval
integer
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.

tcp_profiles
complex
When tcp-profiles is specified in gather_subset.
TCP profile related facts.

Sample:
hash/dictionary of values
  abc
boolean
Appropriate Byte Counting (RFC 3465)
When yes, increases the congestion window by basing the increase amount on the number of previously unacknowledged bytes that each ACK covers.

Sample:
True
  ack_on_push
boolean
Specifies, when yes, significantly improved performance to Microsoft Windows and MacOS peers who are writing out on a very small send buffer.

  auto_proxy_buffer
boolean
Specifies, yes, that the system uses the network measurements to set the optimal proxy buffer size.

Sample:
True
  auto_receive_window
boolean
Specifies, when yes, that the system uses the network measurements to set the optimal receive window size.

  auto_send_buffer
boolean
Specifies, when yes, that the system uses the network measurements to set the optimal send buffer size.

Sample:
True
  close_wait
string
Specifies the length of time that a TCP connection remains in the LAST-ACK state before quitting.
In addition to a numeric value, the value of this fact may also be one of immediate or indefinite.
When immediate, specifies that the TCP connection closes immediately after entering the LAST-ACK state.
When indefinite, specifies that TCP connections in the LAST-ACK state do not close until they meet the maximum retransmissions timeout.

Sample:
indefinite
  congestion_control
string
Specifies the algorithm to use to share network resources among competing users to reduce congestion.
Return values may include, high-speed, cdg, chd, none, cubic, illinois, new-reno, reno, scalable, vegas, westwood, and woodside.

Sample:
high-speed
  congestion_metrics_cache
boolean
Specifies, when yes, that the system uses a cache for storing congestion metrics.
Subsequently, because these metrics are already known and cached, the initial slow-start ramp for previously-encountered peers improves.

Sample:
True
  congestion_metrics_cache_timeout
integer
Specifies the number of seconds for which entries in the congestion metrics cache are valid.

  deferred_accept
boolean
Specifies, when yes, that the system defers allocation of the connection chain context until the system has received the payload from the client.
Enabling this setting is useful in dealing with 3-way handshake denial-of-service attacks.

Sample:
True
  delay_window_control
boolean
Specifies that the system uses an estimate of queuing delay as a measure of congestion to control, in addition to the normal loss-based control, the amount of data sent.

Sample:
True
  delayed_acks
boolean
Specifies, when checked (enabled), that the system can send fewer than one ACK (acknowledgment) segment per data segment received.

Sample:
True
  description
string
changed
Description of the resource.

Sample:
My profile
  dont_fragment_flag
string
Specifies the Don't Fragment (DF) bit setting in the IP Header of the outgoing TCP packet.

Sample:
pmtu
  dsack
boolean
D-SACK (RFC 2883)
Specifies, when yes, the use of the selective ACK (SACK) option to acknowledge duplicate segments.

Sample:
True
  early_retransmit
boolean
Specifies, when yes, that the system uses early retransmit (as specified in RFC 5827) to reduce the recovery time for connections that are receive- buffer or user-data limited.

Sample:
True
  enhanced_loss_recovery
boolean
Specifies whether the system uses enhanced loss recovery to recover from random packet losses more effectively.

Sample:
True
  explicit_congestion_notification
boolean
Specifies, when yes, that the system uses the TCP flags CWR (congestion window reduction) and ECE (ECN-Echo) to notify its peer of congestion and congestion counter-measures.

Sample:
True
  fast_open
boolean
Specifies, when yes, that the system supports TCP Fast Open, which reduces latency by allowing a client to include the first packet of data with the SYN

Sample:
True
  fast_open_cookie_expiration
integer
Specifies the number of seconds that a Fast Open Cookie delivered to a client is valid for SYN packets from that client.

Sample:
1000
  fin_wait_1
string
Specifies the length of time that a TCP connection is in the FIN-WAIT-1 or CLOSING state before quitting.

Sample:
indefinite
  fin_wait_2
string
Specifies the length of time that a TCP connection is in the FIN-WAIT-2 state before quitting.

Sample:
100
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
tcp
  idle_timeout
string
Specifies the length of time that a connection is idle (has no traffic) before the connection is eligible for deletion.

Sample:
300
  initial_congestion_window_size
integer
Specifies the initial congestion window size for connections to this destination.

Sample:
3
  initial_receive_window_size
integer
Specifies the initial receive window size for connections to this destination.

Sample:
5
  ip_tos
string
Specifies the L3 Type of Service (ToS) level that the system inserts in TCP packets destined for clients.

Sample:
mimic
  keep_alive_interval
string
Specifies how frequently the system sends data over an idle TCP connection, to determine whether the connection is still valid.

Sample:
50
  limited_transmit_recovery
boolean
Specifies, when yes, that the system uses limited transmit recovery revisions for fast retransmits (as specified in RFC 3042) to reduce the recovery time for connections on a lossy network.

Sample:
True
  link_qos
string
Specifies the L2 Quality of Service (QoS) level that the system inserts in TCP packets destined for clients.

Sample:
200
  max_segment_retrans
integer
Specifies the maximum number of times that the system resends data segments.

Sample:
8
  max_segment_size
integer
Specifies the largest amount of data that the system can receive in a single TCP segment, not including the TCP and IP headers.

Sample:
1460
  max_syn_retrans
integer
Specifies the maximum number of times that the system resends a SYN packet when it does not receive a corresponding SYN-ACK.

Sample:
3
  md5_signature
boolean
Specifies, when yes, to use RFC2385 TCP-MD5 signatures to protect TCP traffic against intermediate tampering.

Sample:
True
  minimum_rto
integer
Specifies the minimum length of time the system waits for acknowledgements of data sent before resending the data.

Sample:
1000
  mptcp_checksum
boolean
Specifies, when yes, that the system calculates the checksum for MPTCP connections.

  mptcp_checksum_verify
boolean
Specifies, when yes, that the system verifies the checksum for MPTCP connections.

  mptcp_fallback
string
Specifies an action on fallback, that is, when MPTCP transitions to regular TCP, because something prevents MPTCP from working correctly.

Sample:
reset
  mptcp_fast_join
boolean
Specifies, when yes, a FAST join, allowing data to be sent on the MP_JOIN_SYN, which can allow a server response to occur in parallel with the JOIN.

  mptcp_idle_timeout
integer
Specifies the number of seconds that an MPTCP connection is idle before the connection is eligible for deletion.

Sample:
300
  mptcp_join_max
integer
Specifies the highest number of MPTCP connections that can join to a given connection.

Sample:
5
  mptcp_make_after_break
boolean
Specifies that make-after-break functionality is supported, allowing for long-lived MPTCP sessions.

  mptcp_no_join_dss_ack
boolean
Specifies, when checked (enabled), that no DSS option is sent on the JOIN ACK.

  mptcp_retransmit_min
integer
Specifies the minimum value (in msec) of the retransmission timer for these MPTCP flows.

Sample:
1000
  mptcp_rto_max
integer

Sample:
5
  mptcp_subflow_max
integer
Specifies the maximum number of MPTCP subflows for a single flow.

Sample:
6
  mptcp_timeout
integer
Specifies, in seconds, the timeout value to discard long-lived sessions that do not have an active flow.

Sample:
3600
  multipath_tcp
boolean
Specifies, when yes, that the system accepts Multipath TCP (MPTCP) connections, which allow multiple client-side flows to connect to a single server-side flow.

Sample:
True
  nagle_algorithm
boolean
Specifies whether the system applies Nagle's algorithm to reduce the number of short segments on the network.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
/Common/tcp
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
tcp
  pkt_loss_ignore_burst
integer
Specifies the probability of performing congestion control when multiple packets are lost, even if the Packet Loss Ignore Rate was not exceeded.

  pkt_loss_ignore_rate
integer
Specifies the threshold of packets lost per million at which the system performs congestion control.

  proxy_buffer_high
integer
Specifies the proxy buffer level, in bytes, at which the receive window is closed.

Sample:
49152
  proxy_buffer_low
integer
Specifies the proxy buffer level, in bytes, at which the receive window is opened.

Sample:
32768
  proxy_max_segment
boolean
Specifies, when yes, that the system attempts to advertise the same maximum segment size (MSS) to the server-side connection as that of the client-side connection.

Sample:
True
  proxy_options
boolean
Specifies, when yes, that the system advertises an option (such as time stamps) to the server only when the option is negotiated with the client.

  push_flag
string
Specifies how the BIG-IP system receives ACKs.

Sample:
default
  rate_pace
boolean
Specifies, when yes, that the system paces the egress packets to avoid dropping packets, allowing for optimum goodput.

Sample:
True
  rate_pace_max_rate
integer
Specifies the maximum rate in bytes per second to which the system paces TCP data transmission.

  receive_window
integer
Specifies the maximum advertised RECEIVE window size.

Sample:
65535
  reset_on_timeout
boolean
Specifies, when yes, that the system sends a reset packet (RST) in addition to deleting the connection, when a connection exceeds the idle timeout value.

Sample:
True
  retransmit_threshold
integer
Specifies the number of duplicate ACKs (retransmit threshold) to start fast recovery.

Sample:
3
  selective_acks
boolean
Specifies, when yes, that the system processes data using selective ACKs (SACKs) whenever possible, to improve system performance.

Sample:
True
  selective_nack
boolean
Specifies, when yes, that the system processes data using a selective negative acknowledgment (SNACK) whenever possible, to improve system performance.

Sample:
True
  send_buffer
integer
Specifies the SEND window size.

Sample:
65535
  slow_start
boolean
Specifies, when yes, that the system uses Slow-Start Congestion Avoidance as described in RFC3390 in order to ramp up traffic without causing excessive congestion on the link.

Sample:
True
  syn_cookie_enable
boolean
Specifies the default (if no DoS profile is associated) number of embryonic connections that are allowed on any virtual server, before SYN Cookie challenges are enabled for that virtual server.

Sample:
True
  syn_cookie_white_list
boolean
Specifies whether or not to use a SYN Cookie WhiteList when doing software SYN Cookies.

  syn_retrans_to_base
integer
Specifies the initial RTO (Retransmission TimeOut) base multiplier for SYN retransmissions.

Sample:
3000
  tail_loss_probe
boolean
Specifies, when yes, that the system uses Tail Loss Probe to reduce the number of retransmission timeouts.

Sample:
True
  time_to_live
string
Specifies the outgoing TCP packet's IP Header TTL mode.

Sample:
proxy
  time_to_live_v4
integer
Specifies the outgoing packet's IP Header TTL value for IPv4 traffic.

Sample:
255
  time_to_live_v6
integer
Specifies the outgoing packet's IP Header TTL value for IPv6 traffic.

Sample:
64
  time_wait
string
Specifies the length of time that a TCP connection remains in the TIME-WAIT state before entering the CLOSED state.

Sample:
2000
  time_wait_recycle
boolean
Specifies, when yes, that connections in a TIME-WAIT state are reused when the system receives a SYN packet, indicating a request for a new connection.

Sample:
True
  timestamps
boolean
Specifies, when yes, that the system uses the timestamps extension for TCP (as specified in RFC 1323) to enhance high-speed network performance.

Sample:
True
  verified_accept
boolean
Specifies, when yes, that the system can actually communicate with the server before establishing a client connection.

Sample:
True
  zero_window_timeout
string
Specifies the timeout in milliseconds for terminating a connection with an effective zero length TCP transmit window.

Sample:
2000
traffic_groups
complex
When traffic-groups is specified in gather_subset.
Traffic group related facts.

Sample:
hash/dictionary of values
  auto_failback_enabled
boolean
changed
Specifies whether the traffic group fails back to the default device.

Sample:
True
  auto_failback_time
integer
changed
Specifies the time required to fail back.

Sample:
60
  description
string
changed
Description of the traffic group.

Sample:
My traffic group
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/tg1
  ha_load_factor
integer
changed
Specifies a number for this traffic group that represents the load this traffic group presents to the system relative to other traffic groups.

Sample:
1
  ha_order
list
changed
This list of devices specifies the order in which the devices will become active for the traffic group when a failure occurs.

Sample:
['/Common/device1', '/Common/device2']
  is_floating
boolean
changed
Indicates whether the traffic group can fail over to other devices in the device group.

  mac_masquerade_address
string
changed
Specifies a MAC address for the traffic group.

Sample:
00:98:76:54:32:10
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
tg1
trunks
complex
When trunks is specified in gather_subset.
Trunk related facts.

Sample:
hash/dictionary of values
  configured_member_count
integer
changed
The number of configured members that are associated with the trunk.

Sample:
1
  description
string
changed
Description of the Trunk.

Sample:
My trunk
  distribution_hash
string
changed
The basis for the has that the system uses as the frame distribution algorithm.
The system uses this hash to determine which interface to use for forwarding traffic.

Sample:
src-dst-ipport
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/trunk1
  interfaces
list
changed
The list of interfaces that are part of the trunk.

Sample:
['1.2', '1.3']
  lacp_enabled
boolean
changed
Whether LACP is enabled or not.

Sample:
True
  lacp_mode
string
changed
The operation mode for LACP.

Sample:
passive
  lacp_timeout
integer
changed
The rate at which the system sends the LACP control packets.

Sample:
10
  link_selection_policy
string
changed
The LACP policy that the trunk uses to determine which member link can handle new traffic.

Sample:
maximum-bandwidth
  media_speed
integer
changed
Speed of the media attached to the trunk.

Sample:
10000
  media_status
boolean
changed
Whether the media that is part of the trunk is up or not.

Sample:
True
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
trunk1
  operational_member_count
integer
changed
Number of working members associated with the trunk.

Sample:
1
  stp_enabled
boolean
changed
Whether Spanning Tree Protocol (STP) is enabled or not.

Sample:
True
udp_profiles
complex
When udp-profiles is specified in gather_subset.
UDP profile related facts.

Sample:
hash/dictionary of values
  allow_no_payload
boolean
changed
Allow the passage of datagrams that contain header information, but no essential data.

Sample:
True
  buffer_max_bytes
integer
changed
Ingress buffer byte limit. Maximum allowed value is 16777215.

Sample:
655350
  buffer_max_packets
integer
changed
Ingress buffer packet limit. Maximum allowed value is 255.

  datagram_load_balancing
boolean
changed
Load balance UDP datagram by datagram

Sample:
True
  description
string
changed
Description of the resource.

Sample:
My profile
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
udp
  idle_timeout
boolean
changed
Number of seconds that a connection is idle before the connection is eligible for deletion.
In addition to a number, may be one of the values indefinite, or immediate.

Sample:
200
  ip_df_mode
string
changed
Describes the Don't Fragment (DF) bit setting in the outgoing UDP packet.
May be one of pmtu, preserve, set, or clear.
When pmtu, sets the outgoing UDP packet DF big based on the ip pmtu setting.
When preserve, preserves the incoming UDP packet Don't Fragment bit.
When set, sets the outgoing UDP packet DF bit.
When clear, clears the outgoing UDP packet DF bit.

Sample:
pmtu
  ip_tos_to_client
string
changed
The Type of Service level that the traffic management system assigns to UDP packets when sending them to clients.
May be numeric, or the values pass-through or mimic.

Sample:
mimic
  ip_ttl_mode
string
changed
The outgoing UDP packet's TTL mode.
Valid modes are proxy, preserve, decrement, and set.
When proxy, set the IP TTL of ipv4 to the default value of 255 and ipv6 to the default value of 64.
When preserve, set the IP TTL to the original packet TTL value.
When decrement, set the IP TTL to the original packet TTL value minus 1.
When set, set the IP TTL with the specified values in ip_ttl_v4 and ip_ttl_v6 values in the same profile.

Sample:
proxy
  ip_ttl_v4
integer
changed
IPv4 TTL.

Sample:
10
  ip_ttl_v6
integer
changed
IPv6 TTL.

Sample:
100
  link_qos_to_client
string
changed
The Quality of Service level that the system assigns to UDP packets when sending them to clients.
May be either numberic, or the value pass-through.

Sample:
pass-through
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
/Common/udp
  no_checksum
boolean
changed
Whether the checksum processing is enabled or disabled.
Note that if the datagram is IPv6, the system always performs checksum processing.

Sample:
True
  parent
string
changed
Profile from which this profile inherits settings.

Sample:
udp
  proxy_mss
boolean
changed
When yes, specifies that the system advertises the same mss to the server as was negotiated with the client.

Sample:
True
vcmp_guests
complex
When vcmp-guests is specified in gather_subset.
vCMP related facts.

Sample:
hash/dictionary of values
  allowed_slots
list
changed
List of slots that the guest is allowed to be assigned to.

Sample:
[0, 1, 3]
  assigned_slots
list
changed
Slots that the guest is assigned to.

Sample:
[0]
  boot_priority
integer
changed
Specifies boot priority of the guest. Lower number means earlier to boot.

Sample:
65535
  cores_per_slot
integer
changed
Number of cores that the system allocates to the guest.

Sample:
2
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
guest1
  hostname
string
changed
FQDN assigned to the guest.

Sample:
guest1.localdomain
  hotfix_image
string
changed
hotfix image to install onto any of this guest's newly created virtual disks.

Sample:
Hotfix-BIGIP-12.1.3.4-0.0.2-hf1.iso
  initial_image
string
changed
Software image to install onto any of this guest's newly created virtual disks.

Sample:
BIGIP-12.1.3.4-0.0.2.iso
  mgmt_address
string
changed
Management IP address configuration for the guest.

Sample:
2.3.2.3
  mgmt_network
string
changed
Accessibility of this vCMP guest's management network.

Sample:
bridged
  mgmt_route
string
changed
Management gateway IP address for the guest.

Sample:
2.2.2.1
  min_number_of_slots
integer
changed
Specifies the minimum number of slots that the guest must be assigned to.

Sample:
2
  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
guest1
  number_of_slots
integer
changed
Specifies the number of slots the guest should be assigned to.
This number is always greater than, or equal to, min_number_of_slots.

Sample:
2
  ssl_mode
string
changed
The SSL hardware allocation mode for the guest.

Sample:
shared
  state
string
changed
Specifies the state of the guest.
May be one of configured, provisioned, or deployed.
Each state implies the actions of all states before it.

Sample:
provisioned
  virtual_disk
string
changed
The filename of the virtual disk to use for this guest.

Sample:
guest1.img
virtual_addresses
complex
When virtual-addresses is specified in gather_subset.
Virtual address related facts.

Sample:
hash/dictionary of values
  address
string
changed
The virtual IP address.

Sample:
2.3.4.5
  arp_enabled
boolean
changed
Whether or not ARP is enabled for the specified virtual address.

Sample:
True
  auto_delete_enabled
boolean
changed
Indicates if the virtual address will be deleted automatically on deletion of the last associated virtual server or not.

  connection_limit
integer
changed
Concurrent connection limit for one or more virtual servers.

  description
string
changed
The description of the virtual address.

Sample:
My virtual address
  enabled
boolean
changed
Whether the virtual address is enabled or not.

Sample:
True
  floating
boolean
changed
Property derived from traffic-group. A floating virtual address is a virtual address for a VLAN that serves as a shared address by all devices of a BIG-IP traffic-group.

Sample:
True
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/2.3.4.5
  icmp_echo
boolean
changed
Whether the virtual address should reply to ICMP echo requests.

Sample:
True
  inherited_traffic_group
boolean
changed
Indicates if the traffic-group is inherited from the parent folder.

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
2.3.4.5
  netmask
string
changed
Netmask of the virtual address.

Sample:
255.255.255.255
  route_advertisement
boolean
changed
Specifies the route advertisement setting for the virtual address.

  spanning
boolean
changed
Whether or not spanning is enabled for the specified virtual address.

  traffic_group
string
changed
Traffic group on which the virtual address is active.

Sample:
/Common/traffic-group-1
virtual_servers
complex
When virtual-addresses is specified in gather_subset.
Virtual address related facts.

Sample:
hash/dictionary of values
  authentication_profile
list
changed
Specifies a list of authentication profile names, separated by spaces, that the virtual server uses to manage authentication.

Sample:
['/Common/ssl_drldp']
  auto_lasthop
string
changed
When enabled, allows the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface.

Sample:
default
  availability_status
string
changed
The availability of the virtual server.

Sample:
offline
  bw_controller_policy
string
changed
The bandwidth controller for the system to use to enforce a throughput policy for incoming network traffic.

Sample:
/Common/bw1
  client_side_bits_in
integer
changed
Number of client-side ingress bits.

Sample:
1000
  client_side_bits_out
integer
changed
Number of client-side egress bits.

Sample:
200
  client_side_current_connections
integer
changed
Number of current connections client-side.

Sample:
300
  client_side_evicted_connections
integer
changed
Number of evicted connections client-side.

Sample:
100
  client_side_max_connections
integer
changed
Maximum number of connections client-side.

Sample:
40
  client_side_pkts_in
integer
changed
Number of client-side ingress packets.

Sample:
1098384
  client_side_pkts_out
integer
changed
Number of client-side egress packets.

Sample:
3484734
  client_side_slow_killed
integer
changed
Number of slow connections killed, client-side.

Sample:
234
  client_side_total_connections
integer
changed
Total number of connections.

Sample:
24
  cmp_enabled
boolean
changed
Whether or not clustered multi-processor (CMP) acceleration is enabled.

Sample:
True
  cmp_mode
string
changed
The clustered-multiprocessing mode.

Sample:
all-cpus
  connection_limit
integer
changed
Maximum number of concurrent connections you want to allow for the virtual server.

Sample:
100
  connection_mirror_enabled
boolean
changed
Whether or not connection mirroring is enabled.

Sample:
True
  cpu_usage_ratio_last_1_min
integer
changed
CPU Usage Ratio (%) Last 1 Minute

  cpu_usage_ratio_last_5_min
integer
changed
CPU Usage Ratio (%) Last 5 Minutes

  cpu_usage_ratio_last_5_sec
integer
changed
CPU Usage Ratio (%) Last 5 Seconds

  current_syn_cache
integer
changed
Current SYN Cache

  default_pool
string
changed
Pool name that you want the virtual server to use as the default pool.

Sample:
/Common/pool1
  description
string
changed
The description of the virtual server.

Sample:
My virtual
  destination
string
changed
Name of the virtual address and service on which the virtual server listens for connections.

Sample:
/Common/2.2.3.3%1:76
  destination_address
string
changed
Address portion of the destination.

Sample:
2.3.3.2
  destination_port
integer
changed
Port potion of the destination.

Sample:
80
  enabled
boolean
changed
Whether or not the virtual is enabled.

Sample:
True
  ephemeral_bits_in
integer
changed
Number of ephemeral ingress bits.

Sample:
1000
  ephemeral_bits_out
integer
changed
Number of ephemeral egress bits.

Sample:
200
  ephemeral_current_connections
integer
changed
Number of ephemeral current connections.

Sample:
300
  ephemeral_evicted_connections
integer
changed
Number of ephemeral evicted connections.

Sample:
100
  ephemeral_max_connections
integer
changed
Maximum number of ephemeral connections.

Sample:
40
  ephemeral_pkts_in
integer
changed
Number of ephemeral ingress packets.

Sample:
1098384
  ephemeral_pkts_out
integer
changed
Number of ephemeral egress packets.

Sample:
3484734
  ephemeral_slow_killed
integer
changed
Number of ephemeral slow connections killed.

Sample:
234
  ephemeral_total_connections
integer
changed
Total number of ephemeral connections.

Sample:
24
  fallback_persistence_profile
string
changed
Fallback persistence profile for the virtual server to use when the default persistence profile is not available.

Sample:
/Common/fallback1
  full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/2.3.4.5
  gtm_score
integer
changed
Specifies a score that is associated with the virtual server.

  hardware_syn_cookie_instances
integer
changed
Hardware SYN Cookie Instances

  ip_intelligence_policy
string
changed
IP Intelligence policy assigned to the virtual

Sample:
/Common/ip1
  irules
list
changed
List of iRules that customize the virtual server to direct and manage traffic.

Sample:
['/Common/rule1', "/Common/rule2'"]
  last_hop_pool
string
changed
Name of the last hop pool that you want the virtual server to use to direct reply traffic to the last hop router.

Sample:
/Common/pool1
  max_conn_duration
integer
changed
Max Conn Duration/msec

  mean_conn_duration
integer
changed
Mean Conn Duration/msec

  min_conn_duration
integer
changed
Min Conn Duration/msec

  name
string
changed
Relative name of the resource in BIG-IP.

Sample:
2.3.4.5
  nat64_enabled
boolean
changed
Whether or not NAT64 is enabled.

Sample:
True
  persistence_profile
string
changed
The persistence profile you want the system to use as the default for this virtual server.

Sample:
/Common/persist1
  profiles
complex
List of the profiles attached to the virtual.

    context
string
changed
Which side of the connection the profile affects; either all, client-side or server-side.

Sample:
client-side
    full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
/Common/tcp
    name
string
changed
Relative name of the resource in BIG-IP.

Sample:
tcp
  protocol
string
changed
IP protocol for which you want the virtual server to direct traffic.

Sample:
tcp
  rate_class
string
changed
Name of an existing rate class that you want the virtual server to use to enforce a throughput policy for incoming network traffic.

  rate_limit
integer
changed
Maximum number of connections per second allowed for a virtual server.

Sample:
34
  rate_limit_destination_mask
integer
changed
Specifies a mask, in bits, to be applied to the destination address as part of the rate limiting.

Sample:
32
  rate_limit_mode
string
changed
Indicates whether the rate limit is applied per virtual object, per source address, per destination address, or some combination thereof.

Sample:
object
  rate_limit_source_mask
integer
changed
Specifies a mask, in bits, to be applied to the source address as part of the rate limiting.

  security_log_profiles
list
changed
Specifies the log profile applied to the virtual server.

Sample:
['/Common/global-network', '/Common/local-dos']
  snat_pool
string
changed
Specifies the name of a LSN or SNAT pool used by the specified virtual server.

Sample:
/Common/pool1
  snat_type
string
changed
Specifies the type of source address translation associated with the specified virtual server.

Sample:
none
  software_syn_cookie_instances
integer
changed
Software SYN Cookie Instances

  source_address
string
changed
Specifies an IP address or network from which the virtual server will accept traffic.

Sample:
0.0.0./0
  source_port_behavior
string
changed
Specifies whether the system preserves the source port of the connection.

Sample:
preserve
  status_reason
string
changed
If there is a problem with the status of the virtual, that problem is reported here.

Sample:
The children pool member(s) either don't have service checking...
  syn_cache_overflow
integer
changed
SYN Cache Overflow

  syn_cookies_status
string
changed
SYN Cookies Status

Sample:
not-activated
  total_hardware_accepted_syn_cookies
integer
changed
SYN Cookies Total Hardware Accepted.

  total_hardware_syn_cookies
integer
changed
SYN Cookies Total Hardware

  total_requests
integer
changed
Total requests.

Sample:
8
  total_software_accepted_syn_cookies
integer
changed
SYN Cookies Total Software Accepted.

  total_software_rejected_syn_cookies
integer
changed
Total Software Rejected

  total_software_syn_cookies
integer
changed
Total Software

  translate_address
boolean
changed
Enables or disables address translation for the virtual server.

Sample:
True
  translate_port
boolean
changed
Enables or disables port translation.

Sample:
True
  type
string
changed
Virtual server type.

Sample:
standard
  vlans
list
changed
List of VLANs on which the virtual server is either enabled or disabled.

Sample:
['/Common/vlan1', '/Common/vlan2']
vlans
complex
When vlans is specified in gather_subset.
List of VLAN facts.

Sample:
hash/dictionary of values
  auto_lasthop
string
changed
Allows the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface.

Sample:
enabled
  cmp_hash_algorithm
string
changed
Specifies how the traffic on the VLAN will be disaggregated.

Sample:
default
  description
string
changed
Description of the VLAN.

Sample:
My vlan
  failsafe_action
string
changed
Action for the system to take when the fail-safe mechanism is triggered.

Sample:
reboot
  failsafe_enabled
boolean
changed
Whether failsafe is enabled or not.

Sample:
True
  failsafe_timeout
integer
changed
Number of seconds that an active unit can run without detecting network traffic on this VLAN before it starts a failover.

Sample:
90
  if_index
integer
changed
Index assigned to this VLAN. It is a unique identifier assigned for all objects displayed in the SNMP IF-MIB.

Sample:
176
  interfaces
complex
changed
List of tagged or untagged interfaces and trunks that you want to configure for the VLAN.

    full_path
string
changed
Full name of the resource as known to BIG-IP.

Sample:
1.3
    name
string
changed
Relative name of the resource in BIG-IP.

Sample:
1.3
    tagged
boolean
changed
Whether the interface is tagged or not.

  learning_mode
string
changed
Whether switch ports placed in the VLAN are configured for switch learning, forwarding only, or dropped.

Sample:
enable-forward
  mtu
integer
changed
Specific maximum transition unit (MTU) for the VLAN.

Sample:
1500
  sflow_poll_interval
integer
changed
Maximum interval in seconds between two pollings.

  sflow_poll_interval_global
boolean
changed
Whether the global VLAN poll-interval setting, overrides the object-level poll-interval setting.

  sflow_sampling_rate
integer
changed
Ratio of packets observed to the samples generated.

  sflow_sampling_rate_global
boolean
changed
Whether the global VLAN sampling-rate setting, overrides the object-level sampling-rate setting.

Sample:
True
  source_check_enabled
boolean
changed
Specifies that only connections that have a return route in the routing table are accepted.

Sample:
True
  tag
integer
changed
Tag number for the VLAN.

Sample:
30
  true_mac_address
string
changed
Media access control (MAC) address for the lowest-numbered interface assigned to this VLAN.

Sample:
fa:16:3e:10:da:ff


Status

Authors

  • Tim Rupp (@caphrim007)
  • Wojciech Wypior (@wojtek0806)

Hint

If you notice any issues in this documentation you can edit this document to improve it.