Traffic Management Shell (tmsh)Reference Guide

version 11.5.1

MAN-0306-08

ProductVersionThis manual applies to version 11.5.1 of the BIG-IP® product family.

Publication DateThis manual was published on March 4, 2014.

Legal Notices

CopyrightCopyright © 2/11/14, F5 Networks, Inc. All rights reserved.

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5assumes no responsibility for the use of this information, nor any infringement of patents or other rights ofthird parties which may result from its use. No license is granted by implication or otherwise under anypatent, copyright, or other intellectual property right of F5 except as specifically described by applicableuser licenses. F5 reserves the right to change specifications at any time without notice.

TrademarksAAM, Access Policy Manager, Advanced Client Authentication, Advanced Firewall Manager, AdvancedRouting, AFM, Alive With F5, APM, Application Acceleration Manager, Application Security Manager,ARX, AskF5, ASM, BIG-IP, BIG-IQ, Cloud Extender, CloudFucious, Cloud Manager, ClusteredMultiprocessing, CMP, COHESION, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express,DSC, DSI, Edge Client, Edge Gateway, Edge Portal, ELEVATE, EM, Enterprise Manager, ENGAGE, F5,F5 [DESIGN], F5 Certified [DESIGN], F5 Networks, Fast Application Proxy, Fast Cache, FirePass,Global Traffic Manager, GTM, GUARDIAN, iApps, IBR, Intelligent Browser Referencing, IntelligentCompression, IPv6 Gateway, iControl, iHealth, iQuery, iRules, iRules OnDemand, iSession, L7 RateShaping, LC, Link Controller, Local Traffic Manager, LTM, LineRate, LineRate Systems [DESIGN],LROS, Message Security Manager, MSM, OneConnect, Packet Velocity, PEM, Policy EnforcementManager, Protocol Security Manager, PSM, Real Traffic Policy Builder, ScaleN, SignallingDelivery Controller, SDC, SSL Acceleration, StrongBox, SuperVIP, SYN Check, TCP Express, TDR,TMOS, Traffic Management Operating System, Traffix Systems, Traffix Systems (DESIGN), TransparentData Reduction, UNITY, VAULT, VIPRION, vCMP, VE F5 [DESIGN], Virtual ClusteredMultiprocessing, WA, WAN Optimization Manager, WebAccelerator, WOM, and ZoneRunner, aretrademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be usedwithout F5's express written consent.

All other product and company names herein may be trademarks of their respective owners.

PatentsThis product may be protected by one or more patents indicated at:

http://www.f5.com/about/guidelines-policies/patents.

Export Regulation NoticeThis product may include cryptographic software. Under the Export Administration Act, the United Statesgovernment may consider it a criminal offense to export this product from the United States.

RF Interference WarningThis is a Class A product. In a domestic environment this product may cause radio interference, in whichcase the user may be required to take adequate measures.

TMSH Reference i

FCC ComplianceThis equipment has been tested and found to comply with the limits for a Class A digital device pursuantto Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmfulinterference when the equipment is operated in a commercial environment. This unit generates, uses, andcan radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,may cause harmful interference to radio communications. Operation of this equipment in a residential areais likely to cause harmful interference, in which case the user, at his own expense, will be required to takewhatever measures may be required to correct the interference.

Any modifications to this device, unless expressly approved by the manufacturer, can void the user'sauthority to operate this equipment under part 15 of the FCC rules.

Canadian Regulatory ComplianceThis class A digital apparatus complies with Canadian I CES-003.

Standards ComplianceThis product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable toInformation Technology products at the time of manufacture.

AcknowledgmentsThis product includes software developed by Bill Paul.

This product includes software developed by Jonathan Stone.

This product includes software developed by Manuel Bouyer.

This product includes software developed by Paul Richards.

This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

This product includes software developed by the Politecnico di Torino, and its contributors.

This product includes software developed by the Swedish Institute of Computer Science and itscontributors.

This product includes software developed by the University of California, Berkeley and its contributors.

This product includes software developed by the Computer Systems Engineering Group at the LawrenceBerkeley Laboratory.

This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

This product includes software developed by Adam Glass.

This product includes software developed by Christian E. Hopps.

This product includes software developed by Dean Huxley.

This product includes software developed by John Kohl.

This product includes software developed by Paul Kranenburg.

This product includes software developed by Terrence R. Lambert.

This product includes software developed by Philip A. Nelson.

This product includes software developed by Herb Peyerl.

This product includes software developed by Jochen Pohl for the NetBSD Project.

This product includes software developed by Chris Provenzano.

This product includes software developed by Theo de Raadt.

This product includes software developed by David Muir Sharnoff.

This product includes software developed by SigmaSoft, Th. Lockert.

This product includes software developed for the NetBSD Project by Jason R. Thorpe.

This product includes software developed by Jason R. Thorpe for And Communications,http://www.and.com.

This product includes software developed for the NetBSD Project by Frank Van der Linden.

This product includes software developed for the NetBSD Project by John M. Vinopal.

This product includes software developed by Christos Zoulas.

This product includes software developed by the University of Vermont and State Agricultural College andGarrett A. Wollman.

This product includes software developed by Balazs Scheidler (bazsi@balabit.hu), which is protectedunder the GNU Public License.

ii

This product includes software developed by Niels Mueller (nisse@lysator.liu.se), which is protectedunder the GNU Public License.

In the following statement,This softwarerefers to the Mitsumi CD-ROM driver: This software wasdeveloped by Holger Veit and Brian Moore for use with 386BSD and similar operating systems.Similaroperating systemsincludes mainly non-profit oriented systems for research and education, including butnot restricted to NetBSD, FreeBSD, Mach (by CMU).

This product includes software developed by the Apache Group for use in the Apache HTTP server project(http://www.apache.org/).

This product includes software licensed from Richard H. Porter under the GNU Library General PublicLicense (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.

This product includes the standard version of Perl software licensed under the Perl Artistic License (©1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most currentstandard version of Perl at http://www.perl.com.

This product includes software developed by Jared Minch.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit(http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product contains software based on oprofile, which is protected under the GNU Public License.

This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)and licensed under the GNU General Public License.

This product contains software licensed from Dr. Brian Gladman under the GNU General Public License(GPL).

This product includes software developed by the Apache Software Foundation (http://www.apache.org/).

This product includes Hypersonic SQL.

This product contains software developed by the Regents of the University of California, SunMicrosystems, Inc., Scriptics Corporation, and others.

This product includes software developed by the Internet Software Consortium.

This product includes software developed by Nominum, Inc. (http://www.nominum.com).

This product contains software developed by Broadcom Corporation, which is protected under the GNUPublic License.

This product contains software developed by MaxMind LLC, and is protected under the GNU LesserGeneral Public License, as published by the Free Software Foundation.

This product includes software licensed from Gerald Combs (gerald@wireshark.org) under the GNUGeneral Public License as published by the Free Software Foundation; either version 2 of the License, orany later version. Copyright ©1998 Gerald Combs.

This product includes software developed by Thomas Williams and Colin Kelley. Copyright ©1986 -1993, 1998, 2004, 2007

Permission to use, copy, and distribute this software and its documentation for any purpose with or withoutfee is hereby granted, provided that the above copyright notice appear in all copies and that both thatcopyright notice and this permission notice appear in supporting documentation. Permission to modify thesoftware is granted, but not the right to distribute the complete modified source code. Modifications are tobe distributed as patches to the released version. Permission to distribute binaries produced by compilingmodified sources is granted, provided you

1. distribute the corresponding source modifications from the released version in the form of a patch filealong with the binaries,

2. add special version identification to distinguish your version in addition to the base release versionnumber,

3. provide your name and address as the primary contact for the support of your modified version, and

4. retain our contact information in regard to use of the base software.

TMSH Reference iii

Permission to distribute the released version of the source code along with corresponding sourcemodifications in the form of a patch file is granted with same provisions 2 through 4 for binarydistributions. This software is provided "as is" without express or implied warranty to the extent permittedby applicable law.

• source code distributions include the above copyright notice, this list of conditions and the followingdisclaimer;

• binary distributions include the above copyright notice, this list of conditions and the followingdisclaimer in their documentation.

This software is provided as is with no explicit or implied warranties in respect of its operation,including, but not limited to, correctness and fitness for purpose.

This product contains software developed by Google, Inc. Copyright ©2011 Google, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associateddocumentation files (the "Software"), to deal in the Software without restriction, including withoutlimitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of theSoftware, and to permit persons to whom the Software is furnished to do so, subject to the followingconditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portionsof the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALLTHE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OROTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHERDEALINGS IN THE SOFTWARE.

• Redistributions of source code must retain the above copyright notice, this list of conditions and thefollowing disclaimer.

• Redistributions in binary form must reproduce the above copyright notice, this list of conditions andthe following disclaimer in the documentation and/or other materials provided with the distribution.

• Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promoteproducts derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THEIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULARPURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER ORCONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OROTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IFADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

iv

Table of Contents

Table of Contents

1Introducing the Traffic Management Shell

About the Traffic Management Shell ......................................................................................... 1-1Additional command line utilities and tools ............................................................................. 1-2Basic syntax conventions .............................................................................................................. 1-3

2Understanding and Using the Traffic Management Shell

Understanding the structure of tmsh ........................................................................................ 2-1Using tmsh ....................................................................................................................................... 2-2

Loading and saving the system configuration .................................................................. 2-2Working within the tmsh hierarchy ................................................................................. 2-3Using the scripting feature .................................................................................................. 2-6Using the command completion feature ......................................................................... 2-7Using the help feature .......................................................................................................... 2-9Using the context-sensitive help feature ....................................................................... 2-10Interrupting a command .................................................................................................... 2-10Entering multiple commands ............................................................................................ 2-10Using the command glob feature .................................................................................... 2-11Using the command audit feature ................................................................................... 2-15Using the command aliases feature ................................................................................. 2-17Using the wildcard search feature ................................................................................... 2-19Using the statistics feature ................................................................................................ 2-19Using grep functionality in tmsh to filter output ......................................................... 2-22Creating batch mode transactions .................................................................................. 2-23Controlling tmsh ................................................................................................................. 2-24

Introduction to command syntax ............................................................................................. 2-27

3Global Commands

Introducing global commands ...................................................................................................... 3-1Alphabetical list of global commands ......................................................................................... 3-1cd ....................................................................................................................................................... 3-2cp ....................................................................................................................................................... 3-4create ................................................................................................................................................ 3-6delete ................................................................................................................................................ 3-7edit ..................................................................................................................................................... 3-9exit ................................................................................................................................................... 3-11generate .......................................................................................................................................... 3-12help .................................................................................................................................................. 3-13install ............................................................................................................................................... 3-15list .................................................................................................................................................... 3-16load .................................................................................................................................................. 3-19modify ............................................................................................................................................. 3-20mv .................................................................................................................................................... 3-22publish ............................................................................................................................................. 3-23pwd .................................................................................................................................................. 3-24quit ................................................................................................................................................... 3-25reboot ............................................................................................................................................. 3-26reset-stats ...................................................................................................................................... 3-28restart ............................................................................................................................................. 3-30run ................................................................................................................................................... 3-31save .................................................................................................................................................. 3-34send-mail ........................................................................................................................................ 3-35

TMSH Reference iii

Table of Contents

show ................................................................................................................................................ 3-36shutdown ........................................................................................................................................ 3-40start ................................................................................................................................................. 3-41stop .................................................................................................................................................. 3-42submit ............................................................................................................................................. 3-43time ................................................................................................................... 3-44tmsh ................................................................................................................... 3-47

4analytics

Introducing the analytics module ................................................................................................ 4-1Alphabetical list of components .................................................................................................. 4-1report ................................................................................................................................................ 4-2

5analytics application-security

Introducing the analytics application-security module .......................................................... 5-1Alphabetical list of components .................................................................................................. 5-1report ................................................................................................................................................ 5-2scheduled-report ............................................................................................................................ 5-7

6analytics application-security-network

Introducing the analytics application-security-network module ......................................... 6-1Alphabetical list of components .................................................................................................. 6-1report ................................................................................................................................................ 6-2

7analytics application-security-anomalies

Introducing the analytics application-security-anomalies module ....................................... 7-1Alphabetical list of components .................................................................................................. 7-1report ................................................................................................................................................ 7-2

8analytics dns

Introducing the analytics dns module ........................................................................................ 8-1Alphabetical list of components .................................................................................................. 8-1report ................................................................................................................................................ 8-2

9analytics dns-dos

Introducing the analytics dns-dos module ................................................................................ 9-1Alphabetical list of components .................................................................................................. 9-1report ................................................................................................................................................ 9-2

10analytics dns-protocol

Introducing the analytics dns-protocol module .................................................................... 10-1Alphabetical list of components ................................................................................................ 10-1report .............................................................................................................................................. 10-2

iv

Table of Contents

11analytics dos-l3

Introducing the analytics dos-l3 module ................................................................................. 11-1Alphabetical list of components ................................................................................................ 11-1report .............................................................................................................................................. 11-2

12analytics dos-l7

Introducing the analytics dos-l7 module ................................................................................. 12-1Alphabetical list of components ................................................................................................ 12-1report .............................................................................................................................................. 12-2

13analytics http

Introducing the analytics http module ..................................................................................... 13-1Alphabetical list of components ................................................................................................ 13-1report .............................................................................................................................................. 13-2

14analytics network

Introducing the analytics network module ............................................................................ 14-1Alphabetical list of components ................................................................................................ 14-1report .............................................................................................................................................. 14-2stale-rules .....................................................................................................................................14-10

15analytics protocol-security

Introducing the analytics protocol-security module ............................................................ 15-1Alphabetical list of components ................................................................................................ 15-1report .............................................................................................................................................. 15-2

16analytics sip-dos

Introducing the analytics sip-dos module ............................................................................... 16-1Alphabetical list of components ................................................................................................ 16-1report .............................................................................................................................................. 16-2

17apm

Introducing the apm module ..................................................................................................... 17-1Alphabetical list of components ................................................................................................ 17-1acl ..................................................................................................................................................... 17-2log-setting ....................................................................................................................................... 17-6url-filter ........................................................................................................................................... 17-8

18apm aaa

Introducing the apm aaa module .............................................................................................. 18-1Alphabetical list of components ................................................................................................ 18-1

TMSH Reference v

Table of Contents

active-directory ............................................................................................................................ 18-2active-directory-trusted-domains ............................................................................................. 18-5crldp ................................................................................................................................................ 18-7http ................................................................................................................................................18-10kerberos .......................................................................................................................................18-14kerberos-keytab-file ...................................................................................................................18-16ldap ................................................................................................................................................18-18oam ................................................................................................................................................18-21ocsp ...............................................................................................................................................18-25radius .............................................................................................................................................18-29saml ................................................................................................................................................18-32saml-idp-connector ....................................................................................................................18-36securid ..........................................................................................................................................18-39tacacsplus .....................................................................................................................................18-41

19apm epsec

Introducing the apm epsec module .......................................................................................... 19-1Alphabetical list of components ................................................................................................ 19-1epsec-package ............................................................................................................................... 19-2software-status ............................................................................................................................. 19-4

20apm mam

Introducing the apm mam module ........................................................................................... 20-1Alphabetical list of components ................................................................................................ 20-1idbridge ........................................................................................................................................... 20-2mam-server .................................................................................................................................... 20-4

21apm mam scim-config

Introducing the apm mam scim-config module ..................................................................... 21-1Alphabetical list of components ................................................................................................ 21-1scim-config ..................................................................................................................................... 21-2

22apm ntlm

Introducing the apm ntlm module ............................................................................................ 22-1Alphabetical list of components ................................................................................................ 22-1machine-account ........................................................................................................................... 22-2ntlm-auth ........................................................................................................................................ 22-5

23apm policy

Introducing the apm policy module ......................................................................................... 23-1Alphabetical list of components ................................................................................................ 23-1access-policy .................................................................................................................................. 23-2customization-group .................................................................................................................... 23-3image-file ........................................................................................................................................ 23-4policy-item ..................................................................................................................................... 23-5windows-group-policy-file .......................................................................................................... 23-6

vi

Table of Contents

24apm policy agent

Introducing the apm policy agent module .............................................................................. 24-1Alphabetical list of components ................................................................................................ 24-1aaa-active-directory ..................................................................................................................... 24-2aaa-client-cert ............................................................................................................................... 24-5aaa-crldp ......................................................................................................................................... 24-7aaa-http ........................................................................................................................................... 24-9aaa-ldap .........................................................................................................................................24-11aaa-ocsp ........................................................................................................................................24-15aaa-radius .....................................................................................................................................24-17aaa-securid ...................................................................................................................................24-19acct-radius ....................................................................................................................................24-21acct-tacacsplus ............................................................................................................................24-23decision-box ................................................................................................................................24-25dynamic-acl ..................................................................................................................................24-27ending-allow .................................................................................................................................24-29ending-deny .................................................................................................................................24-31ending-redirect ...........................................................................................................................24-33endpoint-check-machine-cert ..................................................................................................24-35endpoint-check-software ..........................................................................................................24-38endpoint-linux-check-file ..........................................................................................................24-42endpoint-linux-check-process .................................................................................................24-45endpoint-mac-check-file ...........................................................................................................24-48endpoint-mac-check-process ..................................................................................................24-51endpoint-machine-info ..............................................................................................................24-53endpoint-windows-browser-cache-cleaner ..........................................................................24-55endpoint-windows-check-file ..................................................................................................24-58endpoint-windows-check-process ..........................................................................................24-61endpoint-windows-check-registry ..........................................................................................24-64endpoint-windows-group-policy .............................................................................................24-67endpoint-windows-info-os .......................................................................................................24-69endpoint-windows-protected-workspace ............................................................................24-71external-logon-page ...................................................................................................................24-73irule-event ....................................................................................................................................24-75kerberos .......................................................................................................................................24-77logging ...........................................................................................................................................24-79logon-page ....................................................................................................................................24-81message-box ................................................................................................................................24-85oam ................................................................................................................................................24-87resource-assign ...........................................................................................................................24-89route-domain-selection ............................................................................................................24-91tacacsplus .....................................................................................................................................24-93variable-assign .............................................................................................................................24-95

25apm profile

Introducing the apm profile module ........................................................................................ 25-1Alphabetical list of components ................................................................................................ 25-1access .............................................................................................................................................. 25-2connectivity ................................................................................................................................... 25-9exchange .......................................................................................................................................25-14remote-desktop ..........................................................................................................................25-17

TMSH Reference vii

Table of Contents

26apm resource

Introducing the apm resource module ................................................................................... 26-1Alphabetical list of components ................................................................................................ 26-1app-tunnel ...................................................................................................................................... 26-2client-rate-class ............................................................................................................................. 26-5client-traffic-classifier ................................................................................................................... 26-8ipv6-leasepool .............................................................................................................................26-11leasepool ......................................................................................................................................26-13network-access ...........................................................................................................................26-15portal-access ................................................................................................................................26-23sandbox ........................................................................................................................................26-26webtop ..........................................................................................................................................26-29webtop-link ..................................................................................................................................26-32

27apm resource remote-desktop

Introducing the apm resource remote-desktop module .................................................... 27-1Alphabetical list of components ................................................................................................ 27-1citrix ................................................................................................................................................ 27-2citrix-client-bundle ....................................................................................................................... 27-5citrix-client-package-file .............................................................................................................. 27-7quest ................................................................................................................................................ 27-9rdp .................................................................................................................................................27-12vmware-view ...............................................................................................................................27-18

28apm sso

Introducing the apm sso module .............................................................................................. 28-1Alphabetical list of components ................................................................................................ 28-1basic ................................................................................................................................................. 28-2form-based ..................................................................................................................................... 28-5form-basedv2 ................................................................................................................................. 28-8kerberos .......................................................................................................................................28-17ntlmv1 ...........................................................................................................................................28-21ntlmv2 ...........................................................................................................................................28-24saml ................................................................................................................................................28-27saml-resource ..............................................................................................................................28-31saml-sp-connector .....................................................................................................................28-33

29asm

Introducing the asm module ...................................................................................................... 29-1Alphabetical list of components ................................................................................................ 29-1device-sync ..................................................................................................................................... 29-2http-method .................................................................................................................................. 29-3httpclass-asm ................................................................................................................................. 29-5policy ............................................................................................................................................... 29-7predefined-policy ........................................................................................................................29-11response-code ............................................................................................................................29-12webapp-language ........................................................................................................................29-14

viii

Table of Contents

30auth

Introducing the auth module ..................................................................................................... 30-1Alphabetical list of components ................................................................................................ 30-1cert-ldap ......................................................................................................................................... 30-2ldap .................................................................................................................................................. 30-7login-failures ................................................................................................................................30-12partition ........................................................................................................................................30-14password ......................................................................................................................................30-16password-policy ..........................................................................................................................30-17radius .............................................................................................................................................30-20radius-server ...............................................................................................................................30-23remote-role .................................................................................................................................30-26remote-user .................................................................................................................................30-30source ...........................................................................................................................................30-32tacacs .............................................................................................................................................30-34user ................................................................................................................................................30-37

31cli

Introducing the cli module ......................................................................................................... 31-1Alphabetical list of components ................................................................................................ 31-1admin-partitions ............................................................................................................................ 31-2global-settings ................................................................................................................................ 31-3history ............................................................................................................................................. 31-5preference ...................................................................................................................................... 31-6script .............................................................................................................................................31-12transaction ...................................................................................................................................31-31version ..........................................................................................................................................31-34

32cli alias

Introducing the cli alias module ................................................................................................ 32-1Alphabetical list of components ................................................................................................ 32-1private ............................................................................................................................................. 32-2shared ............................................................................................................................................. 32-5

33cm

Introducing the cm module ....................................................................................................... 33-1Alphabetical list of components ................................................................................................ 33-1cert .................................................................................................................................................. 33-2config-sync ..................................................................................................................................... 33-5device .............................................................................................................................................. 33-7device-group ................................................................................................................................33-11failover-status ..............................................................................................................................33-15key .................................................................................................................................................33-16sniff-updates .................................................................................................................................33-19sync-status ...................................................................................................................................33-20traffic-group .................................................................................................................................33-21trust-domain ................................................................................................................................33-24watch-devicegroup-device ........................................................................................................33-27watch-sys-device .........................................................................................................................33-29

TMSH Reference ix

Table of Contents

watch-trafficgroup-device .........................................................................................................33-31

34gtm

Introducing the gtm module ...................................................................................................... 34-1Alphabetical list of components ................................................................................................ 34-1datacenter ...................................................................................................................................... 34-2distributed-app .............................................................................................................................. 34-5iquery .............................................................................................................................................. 34-9ldns ................................................................................................................................................34-10link .................................................................................................................................................34-11listener ..........................................................................................................................................34-16path ................................................................................................................................................34-22persist ...........................................................................................................................................34-23pool ...............................................................................................................................................34-25prober-pool .................................................................................................................................34-37region ............................................................................................................................................34-41rule ................................................................................................................................................34-44server ............................................................................................................................................34-47topology .......................................................................................................................................34-54traffic .............................................................................................................................................34-57wideip ............................................................................................................................................34-58

35gtm global-settings

Introducing the gtm global-settings module ........................................................................... 35-1Alphabetical list of components ................................................................................................ 35-1general ............................................................................................................................................ 35-2load-balancing ................................................................................................................................ 35-6metrics ............................................................................................................................................ 35-8metrics-exclusions .....................................................................................................................35-11

36gtm monitor

Introducing the gtm monitor module ...................................................................................... 36-1Alphabetical list of components ................................................................................................ 36-1bigip ................................................................................................................................................. 36-2bigip-link ......................................................................................................................................... 36-6external ........................................................................................................................................... 36-9firepass ..........................................................................................................................................36-12ftp ...................................................................................................................................................36-16gateway-icmp ...............................................................................................................................36-20gtp ..................................................................................................................................................36-23http ................................................................................................................................................36-26https ..............................................................................................................................................36-30imap ...............................................................................................................................................36-34ldap ................................................................................................................................................36-38mssql .............................................................................................................................................36-42mysql .............................................................................................................................................36-46nntp ...............................................................................................................................................36-50oracle ............................................................................................................................................36-54pop3 ..............................................................................................................................................36-58postgresql .....................................................................................................................................36-61

x

Table of Contents

radius .............................................................................................................................................36-65radius-accounting .......................................................................................................................36-69real-server ....................................................................................................................................36-73scripted .........................................................................................................................................36-76sip ...................................................................................................................................................36-79smtp ...............................................................................................................................................36-84snmp ..............................................................................................................................................36-87snmp-link ......................................................................................................................................36-91soap ...............................................................................................................................................36-95tcp ..................................................................................................................................................36-99tcp-half-open ............................................................................................................................ 36-103udp .............................................................................................................................................. 36-106wap ............................................................................................................................................. 36-110wmi ............................................................................................................................................. 36-114

37ltm

Introducing the ltm module ....................................................................................................... 37-1Alphabetical list of components ................................................................................................ 37-1default-node-monitor .................................................................................................................. 37-2ifile ................................................................................................................................................... 37-4lsn-pool ........................................................................................................................................... 37-6nat ..................................................................................................................................................37-12node ..............................................................................................................................................37-15policy .............................................................................................................................................37-19policy-strategy .............................................................................................................................37-30pool ...............................................................................................................................................37-34rule ................................................................................................................................................37-45snat ................................................................................................................................................37-49snat-translation ...........................................................................................................................37-53snatpool ........................................................................................................................................37-56traffic-class ...................................................................................................................................37-58virtual ............................................................................................................................................37-61virtual-address .............................................................................................................................37-74

38ltm auth

Introducing the ltm auth module .............................................................................................. 38-1Alphabetical list of components ................................................................................................ 38-1crldp-server ................................................................................................................................... 38-2kerberos-delegation ..................................................................................................................... 38-5ldap .................................................................................................................................................. 38-8ocsp-responder ...........................................................................................................................38-13profile ............................................................................................................................................38-18radius .............................................................................................................................................38-21radius-server ...............................................................................................................................38-24ssl-cc-ldap .....................................................................................................................................38-27ssl-crldp ........................................................................................................................................38-32ssl-ocsp .........................................................................................................................................38-35tacacs .............................................................................................................................................38-38

TMSH Reference xi

Table of Contents

39ltm classification

Introducing the ltm classification module ............................................................................... 39-1Alphabetical list of components ................................................................................................ 39-1application ...................................................................................................................................... 39-2category .......................................................................................................................................... 39-4http-signature ................................................................................................................................ 39-6key ................................................................................................................................................... 39-9signature-definition ....................................................................................................................39-11signature-update-schedule ........................................................................................................39-13signature-version ........................................................................................................................39-15signatures .....................................................................................................................................39-17update-signatures .......................................................................................................................39-18url-category .................................................................................................................................39-19

40ltm classification stats

Introducing the ltm classification stats module ..................................................................... 40-1Alphabetical list of components ................................................................................................ 40-1application ...................................................................................................................................... 40-2

41ltm data-group

Introducing the ltm data-group module .................................................................................. 41-1Alphabetical list of components ................................................................................................ 41-1external ........................................................................................................................................... 41-2internal ............................................................................................................................................ 41-5

42ltm dns

Introducing the ltm dns module ............................................................................................... 42-1Alphabetical list of components ................................................................................................ 42-1dns-express-db .............................................................................................................................. 42-2nameserver .................................................................................................................................... 42-3tsig-key ............................................................................................................................................ 42-5zone ................................................................................................................................................. 42-7

43ltm dns analytics

Introducing the ltm dns analytics module ............................................................................... 43-1Alphabetical list of components ................................................................................................ 43-1global-settings ................................................................................................................................ 43-2

44ltm dns cache

Introducing the ltm dns cache module .................................................................................... 44-1Alphabetical list of components ................................................................................................ 44-1global-settings ................................................................................................................................ 44-2resolver ........................................................................................................................................... 44-4transparent .................................................................................................................................... 44-9validating-resolver ......................................................................................................................44-12

xii

Table of Contents

45ltm dns cache records

Introducing the ltm dns cache records module .................................................................... 45-1Alphabetical list of components ................................................................................................ 45-1key ................................................................................................................................................... 45-2msg ................................................................................................................................................... 45-4nameserver .................................................................................................................................... 45-6rrset ................................................................................................................................................. 45-8

46ltm dns dnssec

Introducing the ltm dns dnssec module .................................................................................. 46-1Alphabetical list of components ................................................................................................ 46-1generation ...................................................................................................................................... 46-2key ................................................................................................................................................... 46-4zone ................................................................................................................................................. 46-8

47ltm global-settings

Introducing the ltm global-settings module ............................................................................ 47-1Alphabetical list of components ................................................................................................ 47-1connection ..................................................................................................................................... 47-2general ............................................................................................................................................ 47-4traffic-control ................................................................................................................................ 47-6

48ltm message-routing generic

Introducing the ltm message-routing generic module ......................................................... 48-1Alphabetical list of components ................................................................................................ 48-1peer ................................................................................................................................................. 48-2protocol .......................................................................................................................................... 48-4route ............................................................................................................................................... 48-6router .............................................................................................................................................. 48-8transport-config ..........................................................................................................................48-11

49ltm monitor

Introducing the ltm monitor module ....................................................................................... 49-1Alphabetical list of components ................................................................................................ 49-1diameter ......................................................................................................................................... 49-2dns ................................................................................................................................................... 49-7external .........................................................................................................................................49-12firepass ..........................................................................................................................................49-16ftp ...................................................................................................................................................49-20gateway-icmp ...............................................................................................................................49-24http ................................................................................................................................................49-28https ..............................................................................................................................................49-33icmp ...............................................................................................................................................49-38imap ...............................................................................................................................................49-42inband ............................................................................................................................................49-46ldap ................................................................................................................................................49-49module-score ..............................................................................................................................49-54

TMSH Reference xiii

Table of Contents

mssql .............................................................................................................................................49-58mysql .............................................................................................................................................49-63nntp ...............................................................................................................................................49-68oracle ............................................................................................................................................49-72pop3 ..............................................................................................................................................49-77postgresql .....................................................................................................................................49-81radius .............................................................................................................................................49-86radius-accounting .......................................................................................................................49-90real-server ....................................................................................................................................49-94rpc ..................................................................................................................................................49-97sasp ............................................................................................................................................. 49-101scripted ...................................................................................................................................... 49-104sip ................................................................................................................................................ 49-108smb ............................................................................................................................................. 49-113smtp ............................................................................................................................................ 49-117snmp-dca ................................................................................................................................... 49-121snmp-dca-base .......................................................................................................................... 49-125soap ............................................................................................................................................ 49-128tcp ............................................................................................................................................... 49-133tcp-echo ..................................................................................................................................... 49-138tcp-half-open ............................................................................................................................ 49-142udp .............................................................................................................................................. 49-146virtual-location ......................................................................................................................... 49-151wap ............................................................................................................................................. 49-155wmi ............................................................................................................................................. 49-160

50ltm persistence

Introducing the ltm persistence module ................................................................................. 50-1Alphabetical list of components ................................................................................................ 50-1cookie ............................................................................................................................................. 50-2dest-addr ........................................................................................................................................ 50-6global-settings ................................................................................................................................ 50-9hash ...............................................................................................................................................50-11msrdp ............................................................................................................................................50-15persist-records ............................................................................................................................50-18sip ...................................................................................................................................................50-21source-addr .................................................................................................................................50-24ssl ...................................................................................................................................................50-28universal ........................................................................................................................................50-31

51ltm profile

Introducing the ltm profile module .......................................................................................... 51-1Alphabetical list of components ................................................................................................ 51-1analytics .......................................................................................................................................... 51-2certificate-authority ...................................................................................................................51-11classification .................................................................................................................................51-13client-ssl ........................................................................................................................................51-15clientssl-proxy-cached-certs ....................................................................................................51-27diameter .......................................................................................................................................51-28dns .................................................................................................................................................51-33dns-logging ...................................................................................................................................51-37fasthttp ..........................................................................................................................................51-39

xiv

Table of Contents

fastl4 ..............................................................................................................................................51-44fix ...................................................................................................................................................51-50ftp ...................................................................................................................................................51-52html ...............................................................................................................................................51-55http ................................................................................................................................................51-57http-compression .......................................................................................................................51-66icap .................................................................................................................................................51-71iiop .................................................................................................................................................51-73ipother ..........................................................................................................................................51-76mblb ...............................................................................................................................................51-78mssql .............................................................................................................................................51-81ntlm ...............................................................................................................................................51-84one-connect .................................................................................................................................51-87pcp .................................................................................................................................................51-90pptp ...............................................................................................................................................51-94qoe .................................................................................................................................................51-96radius .............................................................................................................................................51-98ramcache ................................................................................................................................... 51-101request-adapt ........................................................................................................................... 51-103request-log ................................................................................................................................ 51-106response-adapt ........................................................................................................................ 51-110rewrite ....................................................................................................................................... 51-113rtsp ............................................................................................................................................. 51-118sctp ............................................................................................................................................. 51-122server-ssl ................................................................................................................................... 51-126sip ................................................................................................................................................ 51-136smtp ............................................................................................................................................ 51-140smtps .......................................................................................................................................... 51-142socks ........................................................................................................................................... 51-144spdy ............................................................................................................................................ 51-147statistics ..................................................................................................................................... 51-151stream ........................................................................................................................................ 51-154tcp ............................................................................................................................................... 51-157udp .............................................................................................................................................. 51-166wa-cache ......................................