A description of the action.

•Type: FreeformString

•Required: false

•Default value: <none>

Maximum length in bytes of a message sent to the remote syslog. Messages longer than this will be truncated before they are sent.

•Type: UInt

•Required: false

•Default value: "2048"

How long the action can run for before it is stopped automatically (set to 0 to disable timeouts).

•Type: UInt

•Required: false

•Default value: "60"

The action type.

•Type: Enum(String)

•Required: true

•Default value: <none>

•Permitted values:

"email": E-Mail

"log": Log to File

"program": Program

"soap": SOAP Callback

"syslog": Log to Syslog

"trap": SNMP Notify or Trap

Enable or disable verbose logging for this action.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "email" section:

The e-mail address from which messages will appear to originate.

•Type: String

•Required: false

•Default value: "vTM@%hostname%"

The SMTP server to which messages should be sent. This must be a valid IPv4 address or resolvable hostname (with optional port).

•Type: String

•Required: false

•Default value: <none>

A set of e-mail addresses to which messages will be sent.

•Type: Set(String)

•Required: false

•Default value: <none>

Properties for the "log" section:

The full path of the file to log to. The text %zeushome% will be replaced with the location where the software is installed.

•Type: String

•Required: false

•Default value: <none>

Properties for the "program" section:

A table containing arguments and argument values to be passed to the event handling program.

•Type: Table

•Required: false

•Primary key:

•name (String): The name of the argument to be passed to the event handling program. (Required)

•Sub keys:

•value (String): The value of the argument to be passed to the event handling program. (Required)

•description (String): A description for the argument provided to the program.

The program to run.

•Type: String

•Required: false

•Default value: <none>

Properties for the "soap" section:

Additional information to send with the SOAP call.

•Type: String

•Required: false

•Default value: <none>

The password for HTTP basic authentication.

•Type: Password

•Required: false

•Default value: <none>

The address of the server implementing the SOAP interface (For example, https://example.com).

•Type: String

•Required: false

•Default value: <none>

Username for HTTP basic authentication. Leave blank if you do not wish to use authentication.

•Type: String

•Required: false

•Default value: <none>

Properties for the "syslog" section:

The host and optional port to send syslog messages to (if empty, messages will be sent to localhost).

•Type: String

•Required: false

•Default value: <none>

Properties for the "trap" section:

The authentication password for sending a Notify over SNMPv3. Blank to send unauthenticated traps.

•Type: Password

•Required: false

•Default value: <none>

The community string to use when sending a Trap over SNMPv1 or a Notify over SNMPv2c.

•Type: String

•Required: false

•Default value: <none>

The hash algorithm for SNMPv3 authentication.

•Type: Enum(String)

•Required: false

•Default value: "md5"

•Permitted values:

"md5": MD5

"sha1": SHA-1

The encryption password to encrypt a Notify message for SNMPv3. Requires that authentication also be configured. Blank to send unencrypted traps.

•Type: Password

•Required: false

•Default value: <none>

The hostname or IPv4 address and optional port number that should receive traps.

•Type: String

•Required: false

•Default value: <none>

The SNMP username to use to send the Notify over SNMPv3.

•Type: String

•Required: false

•Default value: <none>

If the hostnames for this scope are aliases of each other, the canonical hostname will be used for requests to the server.

•Type: String

•Required: false

•Default value: <none>

The hostnames to limit acceleration to.

•Type: Set(String)

•Required: false

•Default value: <none>

The IP address of the BGP neighbor

•Type: String

•Required: false

•Default value: <none>

The minimum interval between the sending of BGP routing updates to neighbors. Note that as a result of jitter, as defined for BGP, the interval during which no advertisements are sent will be between 75% and 100% of this value.

•Type: UInt

•Required: false

•Default value: "5"

The AS number for the BGP neighbor

•Type: UInt

•Required: false

•Default value: "65534"

The password to be used for authentication of sessions with neighbors

•Type: String

•Required: false

•Default value: <none>

The period after which the BGP session with the neighbor is deemed to have become idle - and requires re-establishment - if the neighbor falls silent.

•Type: UInt

•Required: false

•Default value: "90"

The interval at which messages are sent to the BGP neighbor to keep the mutual BGP session established.

•Type: UInt

•Required: false

•Default value: "30"

The maximum bandwidth to allocate to connections that are associated with this bandwidth class (in kbits/second).

•Type: UInt

•Required: false

•Default value: "10000"

A description of this bandwidth class.

•Type: FreeformString

•Required: false

•Default value: <none>

The vCenter server hostname or IP address.

•Type: String

•Required: false

•Default value: <none>

The traffic manager creates and destroys nodes via API calls. This setting specifies (in seconds) how long to wait for such calls to complete.

•Type: UInt

•Required: false

•Default value: "200"

The first part of the credentials for the cloud user. Typically this is some variation on the username concept.

•Type: String

•Required: false

•Default value: <none>

The second part of the credentials for the cloud user. Typically this is some variation on the password concept.

•Type: Password

•Required: false

•Default value: <none>

The third part of the credentials for the cloud user. Typically this is some variation on the authentication token concept.

•Type: Password

•Required: false

•Default value: <none>

The script to call for communication with the cloud API.

•Type: String

•Required: false

•Default value: <none>

The domain origin of this Zone.

•Type: String

•Required: true

•Default value: <none>

The actions triggered by events matching this event type, as a list of action references.

•Type: List(Reference(config-event-action))

•Required: false

•Default value: <none>

If set to Yes this indicates that this configuration is built-in (provided as part of the software) and must not be deleted or edited.

•Type: Boolean

•Required: false

•Default value: false

A description of this event type.

•Type: FreeformString

•Required: false

•Default value: <none>

Properties for the "cloudcredentials" section:

Cloud credentials event tags

•Type: List(String)

•Required: false

•Default value: <none>

Cloud credentials object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "config" section:

Configuration file event tags

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "faulttolerance" section:

Fault tolerance event tags

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "general" section:

General event tags

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "glb" section:

GLB service event tags

•Type: List(String)

•Required: false

•Default value: <none>

GLB service object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "java" section:

Java event tags

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "licensekeys" section:

License key event tags

•Type: List(String)

•Required: false

•Default value: <none>

License key object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "locations" section:

Location event tags

•Type: List(String)

•Required: false

•Default value: <none>

Location object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "monitors" section:

Monitor event tags

•Type: List(String)

•Required: false

•Default value: <none>

Monitors object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "pools" section:

Pool key event tags

•Type: List(String)

•Required: false

•Default value: <none>

Pool object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "protection" section:

Service protection class event tags

•Type: List(String)

•Required: false

•Default value: <none>

Service protection class object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "rules" section:

Rule event tags

•Type: List(String)

•Required: false

•Default value: <none>

Rule object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "slm" section:

SLM class event tags

•Type: List(String)

•Required: false

•Default value: <none>

SLM class object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "ssl" section:

SSL event tags

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "sslhw" section:

SSL hardware event tags

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "trafficscript" section:

TrafficScript event tags

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "vservers" section:

Virtual server event tags

•Type: List(String)

•Required: false

•Default value: <none>

Virtual server object names

•Type: List(String)

•Required: false

•Default value: <none>

Properties for the "zxtms" section:

Traffic manager event tags

•Type: List(String)

•Required: false

•Default value: <none>

Defines the global load balancing algorithm to be used.

•Type: Enum(String)

•Required: false

•Default value: "hybrid"

•Permitted values:

"chained": Sends traffic to one location at a time, until that location fails where the next one in the chain is used.

"geo": Distributes traffic based solely on the geographic location of each client.

"hybrid": Distribute traffic based on both the load and geographic location.

"load": Distributes traffic based on the current load to each location.

"round_robin": Distributes traffic by assigning each request to a new location in turn. Over a period of time, all locations will receive the same number of requests.

"weighted_random": Distributes traffic in a random way, but according to a weighted policy defined by individual location weights

Do all monitors assigned to a location need to report success in order for it to be considered healthy?

•Type: Boolean

•Required: false

•Default value: true

The last location to fail will be available as soon as it recovers.

•Type: Boolean

•Required: false

•Default value: true

Enable/Disable automatic failback mode.

•Type: Boolean

•Required: false

•Default value: false

The locations this service operates for and defines the order in which locations fail.

•Type: List(String)

•Required: false

•Default value: <none>

Locations recovering from a failure will become disabled.

•Type: Boolean

•Required: false

•Default value: false

A table mapping domains to the private keys that authenticate them

•Type: Table

•Required: false

•Primary key:

•domain (String): A domain authenticated by the associated private keys. (Required)

•Sub keys:

•ssl_key (Set(String)): Private keys that authenticate the associated domain. (Required)

The domains shown here should be a list of Fully Qualified Domain Names that you would like to balance globally. Responses from the back end DNS servers for queries that do not match this list will be forwarded to the client unmodified. Note: "*" may be used as a wild card.

•Type: Set(String)

•Required: false

•Default value: <none>

Enable/Disable our response manipulation of DNS.

•Type: Boolean

•Required: false

•Default value: false

How much should the locality of visitors affect the choice of location used? This value is a percentage, 0% means that no locality information will be used, and 100% means that locality will always control which location is used. Values between the two extremes will act accordingly.

•Type: UInt

•Required: false

•Default value: "50"

The response to be sent in case there are no locations available.

•Type: Set(String)

•Required: false

•Default value: <none>

This is the list of locations for which this service is draining. A location that is draining will never serve any of its service IP addresses for this domain. This can be used to take a location off-line.

•Type: Set(String)

•Required: false

•Default value: <none>

Table containing location specific settings.

•Type: Table

•Required: false

•Primary key:

•location (String): Location to which the associated settings apply. (Required)

•Sub keys:

•weight (UInt): Weight for this location, for use by the weighted random algorithm.

•ips (Set(String)): The IP addresses that are present in a location. If the Global Load Balancer decides to direct a DNS query to this location, then it will filter out all IPs that are not in this list. (Required)

•monitors (Set(String)): The monitors that are present in a location.

Return all or none of the IPs under complete failure.

•Type: Boolean

•Required: false

•Default value: true

Response rules to be applied in the context of the service, in order, comma separated.

•Type: List(Reference(config-trafficscript))

•Required: false

•Default value: <none>

The TTL for the DNS resource records handled by the GLB service.

•Type: Int

•Required: false

•Default value: "-1"

Properties for the "log" section:

Log connections to this GLB service?

•Type: Boolean

•Required: false

•Default value: false

The filename the verbose query information should be logged to. Appliances will ignore this.

•Type: String

•Required: false

•Default value: "%zeushome%/zxtm/log/services/%g.log"

How often, in milliseconds, each traffic manager child process (that isn't listening for new connections) checks to see whether it should start listening for new connections.

•Type: UInt

•Required: false

•Default value: "50"

Is the application firewall enabled.

•Type: Boolean

•Required: false

•Default value: false

The default chunk size for reading/writing requests.

•Type: UInt

•Required: false

•Default value: "16384"

Whether or not your traffic manager should make use of TCP optimisations to defer the processing of new client-first connections until the client has sent some data.

•Type: Boolean

•Required: false

•Default value: false

Cluster identifier. Generally supplied by Services Director.

•Type: String

•Required: false

•Default value: <none>

A list of license servers for FLA licensing. A license server should be specified as a <ip/host>:<port> pair.

•Type: Set(String)

•Required: false

•Default value: <none>

The maximum number of file descriptors that your traffic manager will allocate.

•Type: UInt

•Required: false

•Default value: "1048576"

The maximum amount of memory allowed to be used to buffer network data in user space for all TCP connections. The TCP data buffered are either received from clients but before sending to pool nodes, or recevied from pool nodes but before sending to clients. This is specified as either a percentage of system RAM, 5% for example, or an absolute size such as 1024MB and 2GB. A numeric value without suffix MB, GB or % defaults to MB. A value of 800 means 800MB. A value of 0 means unlimited.

•Type: String

•Required: false

•Default value: <none>

The maximum number of each of nodes, pools or locations that can be monitored. The memory used to store information about nodes, pools and locations is allocated at start-up, so the traffic manager must be restarted after changing this setting.

•Type: UInt

•Required: false

•Default value: "4096"

The maximum number of Rate classes that can be created. Approximately 100 bytes will be pre-allocated per Rate class.

•Type: UInt

•Required: false

•Default value: "25000"

The size of the shared memory pool used for shared storage across worker processes (e.g. bandwidth shared data).This is specified as either a percentage of system RAM, 5% for example, or an absolute size such as 10MB.

•Type: String

•Required: false

•Default value: "10MB"

The maximum number of SLM classes that can be created. Approximately 100 bytes will be pre-allocated per SLM class.

•Type: UInt

•Required: false

•Default value: "1024"

The size of the operating system's read buffer. A value of 0 (zero) means to use the OS default; in normal circumstances this is what should be used.

•Type: UInt

•Required: false

•Default value: <none>

The size of the operating system's write buffer. A value of 0 (zero) means to use the OS default; in normal circumstances this is what should be used.

•Type: UInt

•Required: false

•Default value: <none>

Whether or not the traffic manager should use potential network socket optimisations. If set to auto, a decision will be made based on the host platform.

•Type: Enum(String)

•Required: false

•Default value: "auto"

•Permitted values:

"auto": Decide based on local platform

"no": Disable socket optimizations

"yes": Enable socket optimizations

The maximum number of Traffic IP Groups that can be created.

•Type: UInt

•Required: false

•Default value: "10000"

Properties for the "admin" section:

Whether or not the admin server, the internal control port and the config daemon honor the Fallback SCSV to protect connections against downgrade attacks.

•Type: Boolean

•Required: false

•Default value: true

Whether or not SSL3/TLS re-handshakes should be supported for admin server and internal connections.

•Type: Enum(String)

•Required: false

•Default value: "rfc5746"

•Permitted values:

"always": Always allow

"never": Never allow

"rfc5746": Only if client uses RFC 5746 (Secure Renegotiation Extension)

"safe": Allow safe re-handshakes

The SSL ciphers to use for admin server and internal connections. For information on supported ciphers see the online help.

•Type: String

•Required: false

•Default value: <none>

The length in bits of the Diffie-Hellman key for ciphers that use Diffie-Hellman key agreement for admin server and internal connections.

•Type: Enum(UInt)

•Required: false

•Default value: "dh_2048"

•Permitted values:

"dh_1024": Use 1024 bit keys for Diffie-Hellman ciphers.

"dh_2048": Use 2048 bit keys for Diffie-Hellman ciphers.

"dh_3072": Use 3072 bit keys for Diffie-Hellman ciphers.

"dh_4096": Use 4096 bit keys for Diffie-Hellman ciphers.

If SSL3/TLS re-handshakes are supported on the admin server, this defines the minimum time interval (in milliseconds) between handshakes on a single SSL3/TLS connection that is permitted. To disable the minimum interval for handshakes the key should be set to the value 0.

•Type: UInt

•Required: false

•Default value: "1000"

The SSL elliptic curve preference list for admin and internal connections. The named curves P256, P384 and P521 may be configured.

•Type: List(String)

•Required: false

•Default value: <none>

Whether or not SSL3 and TLS1 use one-byte fragments as a BEAST countermeasure for admin server and internal connections.

•Type: Boolean

•Required: false

•Default value: false

The maximum size (in bytes) of SSL handshake messages that the admin server and internal connections will accept. To accept any size of handshake message the key should be set to the value 0.

•Type: UInt

•Required: false

•Default value: "10240"

The SSL signature algorithms preference list for admin and internal connections using TLS version 1.2 or higher. For information on supported algorithms see the online help.

•Type: String

•Required: false

•Default value: <none>

Whether or not SSL3 support is enabled for admin server and internal connections.

•Type: Boolean

•Required: false

•Default value: false

Whether or not TLS1.0 support is enabled for admin server and internal connections.

•Type: Boolean

•Required: false

•Default value: true

Whether or not TLS1.1 support is enabled for admin server and internal connections.

•Type: Boolean

•Required: false

•Default value: true

Whether or not TLS1.2 support is enabled for admin server and internal connections.

•Type: Boolean

•Required: false

•Default value: true

Whether or not TLS1.3 support is enabled for admin server and internal connections.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "appliance" section:

The password used to protect the bootloader. An empty string means there will be no protection.

•Type: Password

•Required: false

•Default value: <none>

Whether or not the traffic manager will attempt to route response packets back to clients via the same route on which the corresponding request arrived. Note that this applies only to the last hop of the route - the behaviour of upstream routers cannot be altered by the traffic manager.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "aptimizer" section:

The maximum size of a dependent resource that can undergo Web Accelerator optimization. Any content larger than this size will not be optimized. Units of KB and MB can be used, no postfix denotes bytes. A value of 0 disables the limit.

•Type: String

•Required: false

•Default value: "2MB"

The maximum size of unoptimized content buffered in the traffic manager for a single backend response that is undergoing Web Accelerator optimization. Responses larger than this will not be optimized. Note that if the backend response is compressed then this setting pertains to the compressed size, before Web Accelerator decompresses it. Units of KB and MB can be used, no postfix denotes bytes. Value range is 1 - 128MB.

•Type: String

•Required: false

•Default value: "2MB"

The period of time (in seconds) after which a previous failure will no longer count towards the watchdog limit.

•Type: UInt

•Required: false

•Default value: "300"

The maximum number of times the Web Accelerator sub-process will be started or restarted within the interval defined by the aptimizer!watchdog_interval setting. If the process fails this many times, it must be restarted manually from the Diagnose page. Zero means no limit.

•Type: UInt

•Required: false

•Default value: "3"

Properties for the "auditlog" section:

Whether to mirror the audit log to EventD.

•Type: Boolean

•Required: false

•Default value: false

Whether to output audit log message to the syslog.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "auth" section:

Lifetime in seconds of cryptographic keys used to decrypt SAML SP sessions stored externally (client-side).

•Type: UInt

•Required: false

•Default value: "86400"

Rotation interval in seconds for cryptographic keys used to encrypt SAML SP sessions stored externally (client-side).

•Type: UInt

•Required: false

•Default value: "14400"

Properties for the "autoscaler" section:

Whether or not detailed messages about the autoscaler's activity are written to the error log.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "bgp" section:

The number of the BGP AS in which the traffic manager will operate. Must be entered in decimal.

•Type: UInt

•Required: false

•Default value: "65534"

Whether BGP Route Health Injection is enabled

•Type: Boolean

•Required: false

•Default value: false

Properties for the "cluster_comms" section:

The default value of allow_update for new cluster members. If you have cluster members joining from less trusted locations (such as cloud instances) this can be set to false in order to make them effectively "read-only" cluster members.

•Type: Boolean

•Required: false

•Default value: true

The hosts that can contact the internal administration port on each traffic manager. This should be a list containing IP addresses, CIDR IP subnets, and localhost; or it can be set to all to allow any host to connect.

•Type: List(String)

•Required: false

•Default value: "all"

How often to propagate the session persistence and bandwidth information to other traffic managers in the same cluster. Set this to 0 (zero) to disable propagation. Note that a cluster using "unicast" heartbeat messages cannot turn off these messages.

•Type: UInt

•Required: false

•Default value: "3"

The maximum amount of time to wait when propagating session persistence and bandwidth information to other traffic managers in the same cluster. Once this timeout is hit the transfer is aborted and a new connection created.

•Type: UInt

•Required: false

•Default value: "6"

Properties for the "connection" section:

The maximum number of unused HTTP keepalive connections with back-end nodes that the traffic manager should maintain for re-use. Setting this to 0 (zero) will cause the traffic manager to auto-size this parameter based on the available number of file-descriptors.

•Type: UInt

•Required: false

•Default value: <none>

How long an unused HTTP keepalive connection should be kept before it is discarded.

•Type: UInt

•Required: false

•Default value: "10"

The listen queue size for managing incoming connections. It may be necessary to increase the system's listen queue size if this value is altered. If the value is set to 0 then the default system setting will be used.

•Type: UInt

•Required: false

•Default value: <none>

Number of processes that should accept new connections. Only this many traffic manager child processes will listen for new connections at any one time. Setting this to 0 (zero) will cause your traffic manager to select an appropriate default value based on the architecture and number of CPUs.

•Type: UInt

•Required: false

•Default value: <none>

Whether or not the traffic manager should try to read multiple new connections each time a new client connects. This can improve performance under some very specific conditions. However, in general it is recommended that this be set to 'false'.

•Type: Boolean

•Required: false

•Default value: false

Whether or not the traffic manager should try to read multiple UDP packets from clients each time the kernel reports data received from clients. This can improve performance for the situation with high UDP traffic throughput from clients to the traffic manager. Therefore, in general it is recommended that this be set to 'Yes'.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "dns" section:

Maximum Time To Live (expiry time) for entries in the DNS cache.

•Type: UInt

•Required: false

•Default value: "86400"

Minimum Time To Live (expiry time) for entries in the DNS cache.

•Type: UInt

•Required: false

•Default value: "86400"

Expiry time for failed lookups in the DNS cache.

•Type: UInt

•Required: false

•Default value: "60"

Maximum number of entries in the DNS cache.

•Type: UInt

•Required: false

•Default value: "10867"

Timeout for receiving a response from a DNS server.

•Type: UInt

•Required: false

•Default value: "12"

Properties for the "ec2" section:

Deprecated: This key is unused. Amazon authentication credentials are now extracted from IAM Roles assigned to an EC2 instance.

•Type: String

•Required: false

•Default value: <none>

The maximum amount of time requests to the AWS Query API can take before timing out.

•Type: UInt

•Required: false

•Default value: "10"

URL for the EC2 metadata server, http://169.254.169.254/latest/meta-data for example.

•Type: String

•Required: false

•Default value: <none>

URL for the Amazon EC2 endpoint, https://ec2.amazonaws.com/ for example.

•Type: String

•Required: false

•Default value: <none>

Deprecated: This key is unused. Amazon authentication credentials are now extracted from IAM Roles assigned to an EC2 instance.

•Type: Password

•Required: false

•Default value: <none>

Whether to verify Amazon EC2 endpoint's certificate using CA(s) present in SSL Certificate Authorities Catalog.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "eventing" section:

The minimum length of time that must elapse between alert emails being sent. Where multiple alerts occur inside this timeframe, they will be retained and sent within a single email rather than separately.

•Type: UInt

•Required: false

•Default value: "30"

The number of times to attempt to send an alert email before giving up.

•Type: UInt

•Required: false

•Default value: "10"

Properties for the "fault_tolerance" section:

The number of ARP packets a traffic manager should send when an IP address is raised.

•Type: UInt

•Required: false

•Default value: "10"

Whether or not traffic IPs automatically move back to machines that have recovered from a failure and have dropped their traffic IPs.

•Type: Boolean

•Required: false

•Default value: true

Configure the delay of automatic failback after a previous failover event. This setting has no effect if autofailback is disabled.

•Type: UInt

•Required: false

•Default value: "10"

How long the traffic manager should wait for status updates from any of the traffic manager's child processes before assuming one of them is no longer servicing traffic.

•Type: UInt

•Required: false

•Default value: "5"

The IP addresses used to check front-end connectivity. The text %gateway% will be replaced with the default gateway on each system. Set this to an empty string if the traffic manager is on an Intranet with no external connectivity.

•Type: Set(String)

•Required: false

•Default value: "%gateway%"

The method traffic managers should use to exchange cluster heartbeat messages.

•Type: Enum(String)

•Required: false

•Default value: "unicast"

•Permitted values:

"multicast": multicast

"unicast": unicast

The interval between unsolicited periodic IGMP Membership Report messages for Multi-Hosted Traffic IP Groups.

•Type: UInt

•Required: false

•Default value: "30"

The frequency, in milliseconds, that each traffic manager machine should check and announce its connectivity.

•Type: UInt

•Required: false

•Default value: "500"

How long, in seconds, each traffic manager should wait for a response from its connectivity tests or from other traffic manager machines before registering a failure.

•Type: UInt

•Required: false

•Default value: "5"

The multicast address and port to use to exchange cluster heartbeat messages.

•Type: String

•Required: false

•Default value: "239.100.1.1:9090"

The unicast UDP port to use to exchange cluster heartbeat messages.

•Type: UInt

•Required: false

•Default value: "9090"

Whether or not cluster heartbeat messages should only be sent and received over the management network.

•Type: Boolean

•Required: false

•Default value: false

Whether or not a traffic manager should log all connectivity tests. This is very verbose, and should only be used for diagnostic purposes.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "fips" section:

Enable FIPS Mode (requires software restart).

•Type: Boolean

•Required: false

•Default value: false

Properties for the "ftp" section:

Whether or not the traffic manager should permit use of FTP data connection source ports lower than 1024. If No the traffic manager can completely drop root privileges, if Yes some or all privileges may be retained in order to bind to low ports.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "glb" section:

Write a message to the logs for every DNS query that is load balanced, showing the source IP address and the chosen datacenter.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "historical_activity" section:

Number of days to store historical traffic information, if set to 0 the data will be kept indefinitely.

•Type: UInt

•Required: false

•Default value: "90"

Properties for the "ip" section:

A table of MAC address/network interface to IP address mappings for each router where return path routing is required.

•Type: Table

•Required: false

•Primary key:

•mac (String): The MAC address/network interface of a router the software is connected to. (Required)

•Sub keys:

•ipv4 (String): The MAC address/network interface to IPv4 address mapping of a router the software is connected to. The value is the IPv4 address, the * (asterisk) in the key name is the MAC address and an optional network interface name, for example, 00:50:56:a6:24:3d or 00:50:56:a6:24:3d#eth0.

•ipv6 (String): The MAC address/network interface to IPv6 address mapping of a router the software is connected to. The value is the IPv6 address, the * (asterisk) in the key name is the MAC address and an optional network interface name, for example, 00:50:56:a6:24:3d or 00:50:56:a6:24:3d#eth0.

Properties for the "java" section:

CLASSPATH to use when starting the Java runner.

•Type: String

•Required: false

•Default value: <none>

Java command to use when starting the Java runner, including any additional options.

•Type: String

•Required: false

•Default value: "java -server"

Whether or not Java support should be enabled. If this is set to No, then your traffic manager will not start any Java processes. Java support is only required if you are using the TrafficScript java.run() function.

•Type: Boolean

•Required: false

•Default value: false

Java library directory for additional jar files. The Java runner will load classes from any .jar files stored in this directory, as well as the * jar files and classes stored in traffic manager's catalog.

•Type: String

•Required: false

•Default value: <none>

Maximum number of simultaneous Java requests. If there are more than this many requests, then further requests will be queued until the earlier requests are completed. This setting is per-CPU, so if your traffic manager is running on a machine with 4 CPU cores, then each core can make this many requests at one time.

•Type: UInt

•Required: false

•Default value: "256"

Default time to keep a Java session.

•Type: UInt

•Required: false

•Default value: "86400"

Properties for the "kerberos" section:

Whether or not a traffic manager should log all Kerberos related activity. This is very verbose, and should only be used for diagnostic purposes.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "log" section:

The minimum severity of events/alerts that should be logged to disk. INFO will log all events; a higher severity setting will log fewer events. More fine-grained control can be achieved using events and actions.

•Type: Enum(UInt)

•Required: false

•Default value: "info"

•Permitted values:

"fatal": Only fatal errors are logged

"info": All events are logged to disk

"serious": Only serious errors or worse

"warn": Only warnings and errors are logged

How long to wait before flushing the request log files for each virtual server.

•Type: UInt

•Required: false

•Default value: "5"

The file to log event messages to.

•Type: String

•Required: false

•Default value: "%zeushome%/zxtm/log/errors"

The maximum number of connection errors logged per second when connection error reporting is enabled.

•Type: UInt

•Required: false

•Default value: "50"

How long to wait before re-opening request log files, this ensures that log files will be recreated in the case of log rotation.

•Type: UInt

•Required: false

•Default value: "30"

The minimum time between log messages for log intensive features such as SLM.

•Type: UInt

•Required: false

•Default value: "60"

Properties for the "log_export" section:

The HTTP Event Collector token to use for HTTP authentication with a Splunk server.

•Type: String

•Required: false

•Default value: <none>

The HTTP authentication method to use when exporting log entries.

•Type: Enum(String)

•Required: false

•Default value: "none"

•Permitted values:

"basic": Basic (Username and Password)

"none": None

"splunk": Splunk (HEC token)

The password to use for HTTP basic authentication.

•Type: Password

•Required: false

•Default value: <none>

The username to use for HTTP basic authentication.

•Type: String

•Required: false

•Default value: <none>

Monitor log files and export entries to the configured endpoint.

•Type: Boolean

•Required: false

•Default value: false

The URL to which log entries should be sent. Entries are sent using HTTP(S) POST requests.

•Type: String

•Required: false

•Default value: <none>

The number of seconds after which HTTP requests sent to the configured endpoint will be considered to have failed if no response is received. A value of 0 means that HTTP requests will not time out.

•Type: UInt

•Required: false

•Default value: "30"

Whether the server certificate should be verified when connecting to the endpoint. If enabled, server certificates that do not match the server name, are self-signed, have expired, have been revoked, or that are signed by an unknown CA will be rejected.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "ospfv2" section:

The OSPF area in which the traffic manager will operate. May be entered in decimal or IPv4 address format.

•Type: String

•Required: false

•Default value: "0.0.0.1"

The type of OSPF area in which the traffic manager will operate. This must be the same for all routers in the area, as required by OSPF.

•Type: Enum(String)

•Required: false

•Default value: "normal"

•Permitted values:

"normal": Normal area

"nssa": Not So Stubby Area (RFC3101)

"stub": Stub area

OSPFv2 authentication key ID. If set to 0, which is the default value, the key is disabled.

•Type: UInt

•Required: false

•Default value: <none>

OSPFv2 authentication key ID. If set to 0, which is the default value, the key is disabled.

•Type: UInt

•Required: false

•Default value: <none>

OSPFv2 authentication shared secret (MD5). If set to blank, which is the default value, the key is disabled.

•Type: String

•Required: false

•Default value: <none>

OSPFv2 authentication shared secret (MD5). If set to blank, which is the default value, the key is disabled.

•Type: String

•Required: false

•Default value: <none>

The number of seconds before declaring a silent router down.

•Type: UInt

•Required: false

•Default value: "40"

Whether OSPFv2 Route Health Injection is enabled

•Type: Boolean

•Required: false

•Default value: false

The interval at which OSPF "hello" packets are sent to the network.

•Type: UInt

•Required: false

•Default value: "10"

Properties for the "protection" section:

The amount of shared memory reserved for an inter-process table of combined connection counts, used by all Service Protection classes that have per_process_connection_count set to No. The amount is specified as an absolute size, eg 20MB.

•Type: String

•Required: false

•Default value: "20MB"

Properties for the "recent_connections" section:

How many recently closed connections each traffic manager process should save. These saved connections will be shown alongside currently active connections when viewing the Connections page. You should set this value to 0 in a benchmarking or performance-critical environment.

•Type: UInt

•Required: false

•Default value: "500"

The amount of time for which snapshots will be retained on the Connections page.

•Type: UInt

•Required: false

•Default value: "60"

The maximum number of connections each traffic manager process should show when viewing a snapshot on the Connections page. This value includes both currently active connections and saved connections. If set to 0 all active and saved connection will be displayed on the Connections page.

•Type: UInt

•Required: false

•Default value: "500"

Properties for the "remote_licensing" section:

Whether to create a Communications Channel agent to send and receive messages from the Services Director Registration Server. This will be disabled when performing self-registration with a Services Director which does not support this feature.

•Type: Boolean

•Required: false

•Default value: true

The port number the Services Director instance is using for access to the traffic manager Communications Channel.

•Type: UInt

•Required: false

•Default value: "8102"

The Owner of a Services Director instance, used for self-registration.

•Type: String

•Required: false

•Default value: <none>

The secret associated with the Owner.

•Type: String

•Required: false

•Default value: <none>

The auto-accept Policy ID that this instance should attempt to use.

•Type: String

•Required: false

•Default value: <none>

A Services Director address for self-registration. A registration server should be specified as a <ip/host>:<port> pair.

•Type: String

•Required: false

•Default value: <none>

The certificate of a Services Director instance, used for self-registration.

•Type: String

•Required: false

•Default value: <none>

Properties for the "rest_api" section:

The length of time after a successful request that the authentication of a given username and password will be cached for an IP address. A setting of 0 disables the cache forcing every REST request to be authenticated which will adversely affect performance.

•Type: UInt

•Required: false

•Default value: "120"

Whether or not the REST service is enabled.

•Type: Boolean

•Required: false

•Default value: true

The maximum allowed length in bytes of a HTTP request's headers.

•Type: UInt

•Required: false

•Default value: "4096"

Maximum number of file descriptors that the REST API will allocate. The REST API must be restarted for a change to this setting to take effect.

•Type: UInt

•Required: false

•Default value: "1048576"

Configuration changes will be replicated across the cluster after this period of time, regardless of whether additional API requests are being made.

•Type: UInt

•Required: false

•Default value: "20"

Configuration changes made via the REST API will be propagated across the cluster when no further API requests have been made for this period of time.

•Type: UInt

•Required: false

•Default value: "5"

The period of time after which configuration replication across the cluster will be cancelled if it has not completed.

•Type: UInt

•Required: false

•Default value: "10"

Properties for the "security" section:

Banner text displayed on the Admin Server login page and before logging in to appliance SSH servers.

•Type: FreeformString

•Required: false

•Default value: <none>

Whether or not users must explicitly agree to the displayed login_banner text before logging in to the Admin Server.

•Type: Boolean

•Required: false

•Default value: false

The number of seconds before another login attempt can be made after a failed attempt.

•Type: UInt

•Required: false

•Default value: "4"

The number of sequential failed login attempts that will cause a user account to be suspended. Setting this to 0 disables this feature. To apply this to users who have never successfully logged in, track_unknown_users must also be enabled.

•Type: UInt

•Required: false

•Default value: <none>

Whether or not usernames blocked due to the max_login_attempts limit should also be blocked from authentication against external services (such as LDAP and RADIUS).

•Type: Boolean

•Required: false

•Default value: false

The number of minutes to suspend users who have exceeded the max_login_attempts limit.

•Type: UInt

•Required: false

•Default value: "15"

Whether or not to allow the same character to appear consecutively in passwords.

•Type: Boolean

•Required: false

•Default value: true

The maximum number of times a password can be changed in a 24-hour period. Set to 0 to disable this restriction.

•Type: UInt

•Required: false

•Default value: <none>

Minimum number of alphabetic characters a password must contain. Set to 0 to disable this restriction.

•Type: UInt

•Required: false

•Default value: <none>

Minimum number of characters a password must contain. Set to 0 to disable this restriction.

•Type: UInt

•Required: false

•Default value: <none>

Minimum number of numeric characters a password must contain. Set to 0 to disable this restriction.

•Type: UInt

•Required: false

•Default value: <none>

Minimum number of special (non-alphanumeric) characters a password must contain. Set to 0 to disable this restriction.

•Type: UInt

•Required: false

•Default value: <none>

Minimum number of uppercase characters a password must contain. Set to 0 to disable this restriction.

•Type: UInt

•Required: false

•Default value: <none>

The number of times a password must have been changed before it can be reused. Set to 0 to disable this restriction.

•Type: UInt

•Required: false

•Default value: <none>

Banner text to be displayed on the appliance console after login.

•Type: String

•Required: false

•Default value: <none>

Whether to remember past login attempts from usernames that are not known to exist (should be set to false for an Admin Server accessible from the public Internet). This does not affect the audit log.

•Type: Boolean

•Required: false

•Default value: false

Banner text to be displayed on all Admin Server pages.

•Type: String

•Required: false

•Default value: <none>

Properties for the "session" section:

The maximum number of entries in the ASP session persistence cache. This is used for storing session mappings for ASP session persistence. Approximately 100 bytes will be pre-allocated per entry.

•Type: UInt

•Required: false

•Default value: "32768"

IP session persistence cache expiry time in seconds. A session will not be reused if the time since it was last used exceeds this value. 0 indicates no expiry timeout.

•Type: UInt

•Required: false

•Default value: <none>

The maximum number of entries in the IP session persistence cache. This is used to provide session persistence based on the source IP address. Approximately 100 bytes will be pre-allocated per entry.

•Type: UInt

•Required: false

•Default value: "32768"

J2EE session persistence cache expiry time in seconds. A session will not be reused if the time since it was last used exceeds this value. 0 indicates no expiry timeout.

•Type: UInt

•Required: false

•Default value: <none>

The maximum number of entries in the J2EE session persistence cache. This is used for storing session mappings for J2EE session persistence. Approximately 100 bytes will be pre-allocated per entry.

•Type: UInt

•Required: false

•Default value: "32768"

The maximum number of entries in the SSL session persistence cache. This is used to provide session persistence based on the SSL session ID. Approximately 200 bytes will be pre-allocated per entry.

•Type: UInt

•Required: false

•Default value: "32768"

Universal session persistence cache expiry time in seconds. A session will not be reused if the time since it was last used exceeds this value. 0 indicates no expiry timeout.

•Type: UInt

•Required: false

•Default value: <none>

The maximum number of entries in the global universal session persistence cache. This is used for storing session mappings for universal session persistence. Approximately 100 bytes will be pre-allocated per entry.

•Type: UInt

•Required: false

•Default value: "32768"

Properties for the "snmp" section:

The number of user defined SNMP counters. Approximately 100 bytes will be pre-allocated at start-up per user defined SNMP counter.

•Type: UInt

•Required: false

•Default value: "10"

Properties for the "soap" section:

The number of minutes that the SOAP server should remain idle before exiting. The SOAP server has a short startup delay the first time a SOAP request is made, subsequent SOAP requests don't have this delay.

•Type: UInt

•Required: false

•Default value: "10"

Properties for the "ssl" section:

Whether or not SSL/TLS re-handshakes should be supported. Enabling support for re-handshakes can expose services to Man-in-the-Middle attacks. It is recommended that only "safe" handshakes be permitted, or none at all.

•Type: Enum(String)

•Required: false

•Default value: "safe"

•Permitted values:

"always": Always allow

"never": Never allow

"rfc5746": Only if client uses RFC 5746 (Secure Renegotiation Extension)

"safe": Allow safe re-handshakes

Whether or not the SSL server session cache is enabled, unless overridden by virtual server settings.

•Type: Boolean

•Required: false

•Default value: true

How long the SSL session IDs for SSL decryption should be stored for.

•Type: UInt

•Required: false

•Default value: "1800"

Whether an SSL session created by a given virtual server can only be resumed by a connection to the same virtual server.

•Type: Boolean

•Required: false

•Default value: true

How many entries the SSL session ID cache should hold. This cache is used to cache SSL sessions to help speed up SSL handshakes when performing SSL decryption. Each entry will allocate approximately 1.75kB of metadata.

•Type: UInt

•Required: false

•Default value: "6151"

The SSL/TLS cipher suites preference list for SSL/TLS connections, unless overridden by virtual server or pool settings. For information on supported cipher suites see the online help.

•Type: String

•Required: false

•Default value: <none>

Whether or the SSL client cache will be used, unless overridden by pool settings.

•Type: Boolean

•Required: false

•Default value: true

How long in seconds SSL sessions should be stored in the client cache for, by default. Servers returning session tickets may also provide a lifetime hint, which will be used if it is less than this value.

•Type: UInt

•Required: false

•Default value: "14400"

How many entries the SSL client session cache should hold, per child. This cache is used to cache SSL sessions to help speed up SSL handshakes when performing SSL encryption. Each entry will require approx 100 bytes of memory plus space for either an SSL session id or an SSL session ticket, which may be as small as 16 bytes or may be as large as a few kilobytes, depending upon the server behavior.

•Type: UInt

•Required: false

•Default value: "1024"

Whether or not session tickets, including TLS >= 1.3 PSKs, may be requested and stored in the SSL client cache.

•Type: Boolean

•Required: false

•Default value: true

How much shared memory to allocate for loading Certificate Revocation Lists. This should be at least 3 times the total size of all CRLs on disk. This is specified as either a percentage of system RAM, 1% for example, or an absolute size such as 10MB.

•Type: String

•Required: false

•Default value: "5MB"

The size in bits of the modulus for the domain parameters used for cipher suites that use finite field Diffie-Hellman key agreement.

•Type: Enum(UInt)

•Required: false

•Default value: "dh_2048"

•Permitted values:

"dh_1024": 1024 bit modulus

"dh_2048": 2048 bit modulus

"dh_3072": 3072 bit modulus

"dh_4096": 4096 bit modulus

The SSL/TLS elliptic curve preference list for SSL/TLS connections using TLS version 1.0 or higher, unless overridden by virtual server or pool settings. For information on supported curves see the online help.

•Type: List(String)

•Required: false

•Default value: <none>

Whether or not ssl-decrypting Virtual Servers honor the Fallback SCSV to protect connections against downgrade attacks.

•Type: Boolean

•Required: false

•Default value: true

Whether or not SSL3 and TLS1 use one-byte fragments as a BEAST countermeasure.

•Type: Boolean

•Required: false

•Default value: false

Whether SSL connection key logging should be available via the ssl.sslkeylogline() TrafficScript function. If this setting is disabled then ssl.sslkeylogline() will always return the empty string.

•Type: Boolean

•Required: false

•Default value: false

The maximum size (in bytes) of SSL handshake messages that SSL connections will accept. To accept any size of handshake message the key should be set to the value 0.

•Type: UInt

•Required: false

•Default value: "10240"

Whether or not TLS 1.3 middlebox compatibility mode as described in RFC 8446 appendix D.4 will be used in connections to pool nodes, unless overridden by pool settings.

•Type: Boolean

•Required: false

•Default value: true

If SSL3/TLS re-handshakes are supported, this defines the minimum time interval (in milliseconds) between handshakes on a single SSL3/TLS connection that is permitted. To disable the minimum interval for handshakes the key should be set to the value 0.

•Type: UInt

•Required: false

•Default value: "1000"

The maximum number of cached client certificate OCSP results stored. This cache is used to speed up OCSP checks against client certificates by caching results. Approximately 1040 bytes are pre-allocated per entry.

•Type: UInt

•Required: false

•Default value: "2048"

How long to wait before refreshing requests on behalf of the store of certificate status responses used by OCSP stapling, if we don't have an up-to-date OCSP response.

•Type: UInt

•Required: false

•Default value: "60"

Maximum time to wait before refreshing requests on behalf of the store of certificate status responses used by OCSP stapling. (0 means no maximum.)

•Type: UInt

•Required: false

•Default value: "864000"

How much shared memory to allocate for the store of certificate status responses for OCSP stapling. This should be at least 2kB times the number of certificates configured to use OCSP stapling. This is specified as either a percentage of system RAM, 1% for example, or an absolute size such as 10MB.

•Type: String

•Required: false

•Default value: "1MB"

How many seconds to allow the current time to be outside the validity time of an OCSP response before considering it invalid.

•Type: UInt

•Required: false

•Default value: "30"

Whether the OCSP response signature should be verified before the OCSP response is cached.

•Type: Boolean

•Required: false

•Default value: false

The SSL/TLS signature algorithms preference list for SSL/TLS connections using TLS version 1.2 or higher, unless overridden by virtual server or pool settings. For information on supported algorithms see the online help.

•Type: String

•Required: false

•Default value: <none>

Whether or not SSL3 support is enabled.

•Type: Boolean

•Required: false

•Default value: false

Whether or not TLS1.0 support is enabled.

•Type: Boolean

•Required: false

•Default value: true

Whether or not TLS1.1 support is enabled.

•Type: Boolean

•Required: false

•Default value: true

Whether or not TLS1.2 support is enabled.

•Type: Boolean

•Required: false

•Default value: true

Whether or not TLS1.3 support is enabled.

•Type: Boolean

•Required: false

•Default value: true

Whether or not session tickets will be issued to and accepted from clients that support them, unless overridden by virtual server settings.

•Type: Boolean

•Required: false

•Default value: true

When an SSL session ticket will be reissued (ie when a new ticket will be generated for the same SSL session).

•Type: Enum(String)

•Required: false

•Default value: "never"

•Permitted values:

"always": always

"never": never

The length of time for which an SSL session ticket will be accepted by a virtual server after the ticket is created. If a ticket is reissued (if ssl!tickets!reissue_policy is set to 'always') this time starts at the time when the ticket was reissued.

•Type: UInt

•Required: false

•Default value: "14400"

The length of time for which an auto-generated SSL ticket key will be used to decrypt old session ticket, before being deleted from memory. This setting is ignored if there are any entries in the (REST-only) SSL ticket keys catalog.

•Type: UInt

•Required: false

•Default value: "86400"

The length of time for which an auto-generated SSL ticket key will be used to encrypt new session tickets, before a new SSL ticket key is generated. The ticket encryption key will be held in memory for ssl!tickets!ticket_key_expiry, so that tickets encrypted using the key can still be decrypted and used. This setting is ignored if there are any entries in the (REST-only) SSL ticket keys catalog.

•Type: UInt

•Required: false

•Default value: "14400"

How many seconds to allow the current time to be outside the validity time of an SSL ticket before considering it invalid.

•Type: UInt

•Required: false

•Default value: "30"

Whether the traffic manager should validate that SSL server certificates form a matching key pair before the certificate gets used on an SSL decrypting virtual server.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "ssl_hardware" section:

Whether or not the SSL hardware is an "accelerator" (faster than software). By default the traffic manager will only use the SSL hardware if a key requires it (i.e. the key is stored on secure hardware and the traffic manager only has a placeholder/identifier key). With this option enabled, your traffic manager will instead try to use hardware for all SSL decrypts.

•Type: Boolean

•Required: false

•Default value: false

The client identifier used when accessing the Microsoft Azure Key Vault.

•Type: String

•Required: false

•Default value: <none>

The client secret used when accessing the Microsoft Azure Key Vault.

•Type: Password

•Required: false

•Default value: <none>

The URL for the REST API of the Microsoft Azure Key Vault.

•Type: String

•Required: false

•Default value: <none>

Whether or not the Azure Key Vault REST API certificate should be verified.

•Type: Boolean

•Required: false

•Default value: true

Print verbose information about the PKCS11 hardware security module to the event log.

•Type: Boolean

•Required: false

•Default value: false

The location of the PKCS#11 library for your SSL hardware if it is not in a standard location. The traffic manager will search the standard locations by default.

•Type: String

•Required: false

•Default value: <none>

The label of the SSL Hardware slot to use. Only required if you have multiple HW accelerator slots.

•Type: String

•Required: false

•Default value: <none>

The type of SSL hardware slot to use.

•Type: Enum(String)

•Required: false

•Default value: "operator"

•Permitted values:

"module": Module Protected

"operator": Operator Card Set

"softcard": Soft Card

The User PIN for the PKCS token (PKCS#11 devices only).

•Type: Password

•Required: false

•Default value: <none>

The number of consecutive failures from the SSL hardware that will be tolerated before the traffic manager assumes its session with the device is invalid and tries to log in again. This is necessary when the device reboots following a power failure.

•Type: UInt

•Required: false

•Default value: "5"

The type of SSL hardware to use. The drivers for the SSL hardware should be installed and accessible to the traffic manager software.

•Type: Enum(String)

•Required: false

•Default value: "none"

•Permitted values:

"azure": Microsoft Azure Key Vault

"none": None

"pkcs11": PKCS#11

Properties for the "telemetry" section:

Allow the reporting of anonymized usage data for product improvement and customer support purposes.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "trafficscript" section:

The maximum amount of memory available to store TrafficScript data.local.set() information. This can be specified as a percentage of system RAM, 5% for example; or an absolute size such as 200MB.

•Type: String

•Required: false

•Default value: "5%"

The maximum amount of memory available to store TrafficScript data.set() information. This can be specified as a percentage of system RAM, 5% for example; or an absolute size such as 200MB.

•Type: String

•Required: false

•Default value: "5%"

Raise an event if a TrafficScript rule runs for more than this number of milliseconds in a single invocation. If you get such events repeatedly, you may want to consider re-working some of your TrafficScript rules. A value of 0 means no warnings will be issued.

•Type: UInt

•Required: false

•Default value: "500"

The maximum number of instructions a TrafficScript rule will run. A rule will be aborted if it runs more than this number of instructions without yielding, preventing infinite loops.

•Type: UInt

•Required: false

•Default value: "100000"

Raise an event if a TrafficScript rule requires more than this amount of buffered network data. If you get such events repeatedly, you may want to consider re-working some of your TrafficScript rules to use less memory or to stream the data that they process rather than storing it all in memory. This setting also limits the amount of data that can be returned by request.GetLine().

•Type: UInt

•Required: false

•Default value: "1048576"

The maximum number of regular expressions to cache in TrafficScript. Regular expressions will be compiled in order to speed up their use in the future.

•Type: UInt

•Required: false

•Default value: "57"

The maximum number of ways TrafficScript will attempt to match a regular expression at each position in the subject string, before it aborts the rule and reports a TrafficScript error.

•Type: UInt

•Required: false

•Default value: "10000000"

The percentage of regex_match_limit at which TrafficScript reports a performance warning.

•Type: UInt

•Required: false

•Default value: "5"

Allow the pool.use and pool.select TrafficScript functions to accept variables instead of requiring literal strings. Enabling this feature has the following effects1. Your traffic manager may no longer be able to know whether a pool is in use.2. Errors for pools that aren't in use will not be hidden.3. Some settings displayed for a Pool may not be appropriate for the type of traffic being managed.4. Pool usage information on the pool edit pages and config summary may not be accurate.5. Monitors will run for all pools (with this option disabled monitors will only run for Pools that are used).

•Type: Boolean

•Required: false

•Default value: false

Properties for the "transaction_export" section:

Export metadata about transactions processed by the traffic manager to an external location.

•Type: Boolean

•Required: false

•Default value: false

The endpoint to which transaction metadata should be exported. The endpoint is specified as a hostname or IP address with a port.

•Type: String

•Required: false

•Default value: <none>

Whether the connection to the specified endpoint should be encrypted.

•Type: Boolean

•Required: false

•Default value: true

Whether the server certificate presented by the endpoint should be verified, preventing a connection from being established if the certificate does not match the server name, is self-signed, is expired, is revoked, or has an unknown CA.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "watchdog" section:

The maximum time in seconds a process can fail to update its heartbeat, before the watchdog considers it to have stalled.

•Type: UInt

•Required: false

•Default value: "5"

Properties for the "web_cache" section:

The estimated average length of the path (including query string) for resources being cached. An amount of memory equal to this figure multiplied by max_file_num will be allocated for storing the paths for cache entries. This setting can be increased if your web site makes extensive use of long URLs.

•Type: UInt

•Required: false

•Default value: "512"

Whether or not to use a disk-backed (typically SSD) cache. If set to Yes cached web pages will be stored in a file on disk. This enables the traffic manager to use a cache that is larger than available RAM. The size setting should also be adjusted to select a suitable maximum size based on your disk space. Note that the disk caching is optimized for use with SSD storage.

•Type: Boolean

•Required: false

•Default value: false

If disk caching is enabled, this sets the directory where the disk cache file will be stored. The traffic manager will create a file called webcache.data in this location. Note that the disk caching is optimized for use with SSD storage.

•Type: String

•Required: false

•Default value: "%zeushome%/zxtm/internal"

Maximum number of entries in the cache. Approximately 0.9 KB will be pre-allocated per entry for metadata, this is in addition to the memory reserved for the content cache and for storing the paths of the cached resources.

•Type: UInt

•Required: false

•Default value: "10000"

Largest size of a cacheable object in the cache. This is specified as either a percentage of the total cache size, 2% for example, or an absolute size such as 20MB.

•Type: String

•Required: false

•Default value: "2%"

The maximum length of the path (including query string) for the resource being cached. If the path exceeds this length then it will not be added to the cache.

•Type: UInt

•Required: false

•Default value: "2048"

Enable normalization (lexical ordering of the parameter-assignments) of the query string.

•Type: Boolean

•Required: false

•Default value: true

The maximum size of the HTTP web page cache. This is specified as either a percentage of system RAM, 20% for example, or an absolute size such as 200MB.

•Type: String

•Required: false

•Default value: "20%"

A list of <hostname/ip>:<port> pairs for Kerberos key distribution center (KDC) services to be explicitly used for the realm of the principal. If no KDCs are explicitly configured, DNS will be used to discover the KDC(s) to use.

•Type: List(String)

•Required: false

•Default value: <none>

The name of the Kerberos keytab file containing suitable credentials to authenticate as the specified Kerberos principal.

•Type: String

•Required: true

•Default value: <none>

The name of an optional Kerberos configuration file (krb5.conf).

•Type: String

•Required: false

•Default value: <none>

The Kerberos realm where the principal belongs.

•Type: String

•Required: false

•Default value: <none>

The identifier of this location.

•Type: UInt

•Required: true

•Default value: <none>

The latitude of this location.

•Type: Float

•Required: false

•Default value: "0.0"

The longitude of this location.

•Type: Float

•Required: false

•Default value: "0.0"

A note, used to describe this location.

•Type: FreeformString

•Required: false

•Default value: <none>

Whether entries from the specified log files should be exported only from appliances.

•Type: Boolean

•Required: false

•Default value: false

Export entries from the log files included in this category.

•Type: Boolean

•Required: false

•Default value: false

The set of files to export as part of this category, specified as a list of glob patterns.

•Type: Set(String)

•Required: false

•Default value: <none>

How much historic log activity should be exported.

•Type: Enum(String)

•Required: false

•Default value: "none"

•Permitted values:

"all": Export all historic entries

"none": Do not export any historic entries

"recent": Export recent historic entries, according to the 'history_period' setting

The number of days of historic log entries that should be exported.

•Type: UInt

•Required: false

•Default value: "10"

This is table 'metadata'

•Type: Table

•Required: false

•Primary key:

•name (String): The name of a metadata item which should be sent to the analytics engine along with entries from these log files. (Required)

•Sub keys:

•value (String): Additional metadata to include with the log entries when exporting them to the configured endpoint. Metadata can be used by the system that is receiving the exported data to categorise and parse the log entries. (Required)

Should the monitor slowly increase the delay after it has failed?

•Type: Boolean

•Required: false

•Default value: true

The minimum time between calls to a monitor.

•Type: UInt

•Required: false

•Default value: "3"

The number of times in a row that a node must fail execution of the monitor before it is classed as unavailable.

•Type: UInt

•Required: false

•Default value: "3"

Should this monitor only report health (ignore load)?

•Type: Boolean

•Required: false

•Default value: false

The machine to monitor, where relevant this should be in the form <hostname>:<port>, for "ping" monitors the :<port> part must not be specified.

•Type: String

•Required: false

•Default value: <none>

A description of the monitor.

•Type: FreeformString

•Required: false

•Default value: <none>

A monitor can either monitor each node in the pool separately and disable an individual node if it fails, or it can monitor a specific machine and disable the entire pool if that machine fails. GLB location monitors must monitor a specific machine.

•Type: Enum(String)

•Required: false

•Default value: "pernode"

•Permitted values:

"pernode": Node: Monitor each node in the pool separately

"poolwide": Pool/GLB: Monitor a specified machine

The maximum runtime for an individual instance of the monitor.

•Type: UInt

•Required: false

•Default value: "3"

The internal monitor implementation of this monitor.

•Type: Enum(String)

•Required: false

•Default value: "ping"

•Permitted values:

"connect": TCP Connect monitor

"http": HTTP monitor

"ping": Ping monitor

"program": External program monitor

"rtsp": RTSP monitor

"sip": SIP monitor

"tcp_transaction": TCP transaction monitor

Whether or not the monitor should connect using SSL.

•Type: Boolean

•Required: false

•Default value: false

Whether or not the monitor should emit verbose logging. This is useful for diagnosing problems.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "http" section:

The HTTP basic-auth <user>:<password> to use for the test HTTP request.

•Type: String

•Required: false

•Default value: <none>

A regular expression that the HTTP response body must match. If the response body content doesn't matter then set this to .* (match anything).

•Type: String

•Required: false

•Default value: <none>

The host header to use in the test HTTP request.

•Type: String

•Required: false

•Default value: <none>

The path to use in the test HTTP request. This must be a string beginning with a / (forward slash).

•Type: String

•Required: false

•Default value: "/"

A regular expression that the HTTP status code must match. If the status code doesn't matter then set this to .* (match anything).

•Type: String

•Required: false

•Default value: "^[234][0-9][0-9]$"

Properties for the "rtsp" section:

The regular expression that the RTSP response body must match.

•Type: String

•Required: false

•Default value: <none>

The path to use in the RTSP request (some servers will return 500 Internal Server Error unless this is a valid media file).

•Type: String

•Required: false

•Default value: "/"

The regular expression that the RTSP response status code must match.

•Type: String

•Required: false

•Default value: "^[234][0-9][0-9]$"

Properties for the "script" section:

A table containing arguments and argument values to be passed to the monitor program.

•Type: Table

•Required: false

•Primary key:

•name (String): The name of the argument to be passed to the monitor program. (Required)

•Sub keys:

•value (String): The value of the argument to be passed to the monitor program. (Required)

•description (String): A description for the argument provided to the program.

The program to run. This must be an executable file, either within the monitor scripts directory or specified as an absolute path to some other location on the filesystem.

•Type: String

•Required: false

•Default value: <none>

Properties for the "sip" section:

The regular expression that the SIP response body must match.

•Type: String

•Required: false

•Default value: <none>

The regular expression that the SIP response status code must match.

•Type: String

•Required: false

•Default value: "^[234][0-9][0-9]$"

Which transport protocol the SIP monitor will use to query the server.

•Type: Enum(String)

•Required: false

•Default value: "udp"

•Permitted values:

"tcp": TCP

"udp": UDP

Properties for the "tcp" section:

An optional string to write to the server before closing the connection.

•Type: String

•Required: false

•Default value: <none>

The maximum amount of data to read back from a server, use 0 for unlimited. Applies to TCP and HTTP monitors.

•Type: UInt

•Required: false

•Default value: "2048"

A regular expression to match against the response from the server. Applies to TCP monitors only.

•Type: String

•Required: false

•Default value: ".+"

The string to write down the TCP connection.

•Type: String

•Required: false

•Default value: <none>

Properties for the "udp" section:

This is table 'many_to_one_all_ports'

•Type: Table

•Required: false

•Primary key:

•rule_number (String): A unique rule identifier (Required)

•Sub keys:

•pool (String): Pool of a "many to one overload" type NAT rule. (Required)

•tip (String): TIP Group of a "many to one overload" type NAT rule. (Required)

This is table 'many_to_one_port_locked'

•Type: Table

•Required: false

•Primary key:

•rule_number (String): A unique rule identifier (Required)

•Sub keys:

•pool (String): Pool of a "many to one port locked" type NAT rule. (Required)

•port (UInt): Port number of a "many to one port locked" type NAT rule. (Required)

•protocol (Enum(String)): Protocol of a "many to one port locked" type NAT rule. (Required)

Permitted values:

"icmp": ICMP

"sctp": SCTP

"tcp": TCP

"udp": UDP

"udplite": UDPLITE

•tip (String): TIP Group of a "many to one port locked" type NAT rule. (Required)

This is table 'one_to_one'

•Type: Table

•Required: false

•Primary key:

•rule_number (String): A unique rule identifier (Required)

•Sub keys:

•enable_inbound (Boolean): Enabling the inbound part of a "one to one" type NAT rule. (Required)

•ip (String): IP Address of a "one to one" type NAT rule. (Required)

•tip (String): TIP group of a "one to one" type NAT rule. (Required)

The Bandwidth Management Class this pool uses, if any.

•Type: Reference(config-bandwidth)

•Required: false

•Default value: <none>

If all of the nodes in this pool have failed, then requests can be diverted to another pool.

•Type: Reference(config-pool)

•Required: false

•Default value: <none>

The maximum number of nodes to which the traffic manager will attempt to send a request before returning an error to the client. Requests that are non-retryable will be attempted against only one node. Zero signifies no limit.

•Type: UInt

•Required: false

•Default value: <none>

The maximum number of unused HTTP keepalive connections that should be maintained to an individual node. Zero signifies no limit.

•Type: UInt

•Required: false

•Default value: "50"

The maximum number of connection attempts the traffic manager will make where the server fails to respond within the time limit defined by the max_reply_time setting. Zero signifies no limit.

•Type: UInt

•Required: false

•Default value: "2"

The monitors assigned to this pool, used to detect failures in the back end nodes.

•Type: Set(Reference(config-monitor))

•Required: false

•Default value: <none>

Whether or not connections to the back-end nodes should be closed with a RST packet, rather than a FIN packet. This avoids the TIME_WAIT state, which on rare occasions allows wandering duplicate packets to be safely ignored.

•Type: Boolean

•Required: false

•Default value: false

The number of times the software will attempt to connect to the same back-end node before marking it as failed. This is only used when passive_monitoring is enabled.

•Type: UInt

•Required: false

•Default value: "3"

Specify the deletion behavior for nodes in this pool.

•Type: Enum(String)

•Required: false

•Default value: "immediate"

•Permitted values:

"drain": Allow existing connections to the node to finish before deletion.

"immediate": All connections to the node are closed immediately.

The maximum time that a node will be allowed to remain in a draining state after it has been deleted. A value of 0 means no maximum time.

•Type: UInt

•Required: false

•Default value: <none>

A table of all nodes in this pool. A node should be specified as a <ip>:<port> pair, and has a state, weight and priority.

•Type: Table

•Required: false

•Primary key:

•node (String): A node is a combination of an ip address and port (Required)

•Sub keys:

•priority (UInt): The priority of the node, higher values signify higher priority. If a priority is not specified for a node it is assumed to be 1.

•state (Enum(String)): The state of the pool, which can either be Active, Draining or Disabled

Permitted values:

"active": The node is is active.

"disabled": The node is disabled.

"draining": The node is draining.

•weight (Int): Weight for the node. The actual value in isolation does not matter: As long as it is a valid integer 1-100, the per-node weightings are calculated on the relative values between the nodes.

•source_ip (String): The source address the Traffic Manager uses to connect to this node.

A description of the pool.

•Type: String

•Required: false

•Default value: <none>

Whether or not the software should check that 'real' requests (i.e. not those from monitors) to this pool appear to be working. This should normally be enabled, so that when a node is refusing connections, responding too slowly, or sending back invalid data, it can mark that node as failed, and stop sending requests to it. If this is disabled, you should ensure that suitable health monitors are configured to check your servers instead, otherwise failed requests will not be detected and subsequently retried.

•Type: Boolean

•Required: false

•Default value: true

The default Session Persistence class this pool uses, if any.

•Type: Reference(config-persistence)

•Required: false

•Default value: <none>

Whether or not connections to the back-ends appear to originate from the source client IP address.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "auto_scaling" section:

The time in seconds from the creation of the node which the traffic manager should wait before adding the node to the autoscaled pool. Set this to allow applications on the newly created node time to intialize before being sent traffic.

•Type: UInt

•Required: false

•Default value: <none>

The Cloud Credentials object containing authentication credentials to use in cloud API calls.

•Type: Reference(cloud-api)

•Required: false

•Default value: <none>

The ESX host or ESX cluster name to put the new virtual machine instances on.

•Type: String

•Required: false

•Default value: <none>

The name of the logical datacenter on the vCenter server. Virtual machines will be scaled up and down under the datacenter root folder.

•Type: String

•Required: false

•Default value: <none>

The name of the datastore to be used by the newly created virtual machine.

•Type: String

•Required: false

•Default value: <none>

Are the nodes of this pool subject to autoscaling? If yes, nodes will be automatically added and removed from the pool by the chosen autoscaling mechanism.

•Type: Boolean

•Required: false

•Default value: false

Whether or not autoscaling is being handled by an external system. Set this value to Yes if all aspects of autoscaling are handled by an external system, such as RightScale. If set to No, the traffic manager will determine when to scale the pool and will communicate with the cloud provider to create and destroy nodes as necessary.

•Type: Boolean

•Required: false

•Default value: true

Any extra arguments to the autoscaling API. Each argument can be separated by comma. E.g in case of EC2, it can take extra parameters to the Amazon's RunInstance API say DisableApiTermination=false,Placement.Tenancy=default.

•Type: String

•Required: false

•Default value: <none>

The time period in seconds for which a change condition must persist before the change is actually instigated.

•Type: UInt

•Required: false

•Default value: "20"

The identifier for the image of the instances to create.

•Type: String

•Required: false

•Default value: <none>

Which type of IP addresses on the node to use. Choose private IPs if the traffic manager is in the same cloud as the nodes, otherwise choose public IPs.

•Type: Enum(String)

•Required: false

•Default value: "publicips"

•Permitted values:

"private_ips": Private IP addresses

"publicips": Public IP addresses

The time in seconds for which the last node in an autoscaled pool must have been idle before it is destroyed. This is only relevant if min_nodes is 0.

•Type: UInt

•Required: false

•Default value: "3600"

The maximum number of nodes in this autoscaled pool.

•Type: UInt

•Required: false

•Default value: "4"

The minimum number of nodes in this autoscaled pool.

•Type: UInt

•Required: false

•Default value: "1"

The beginning of the name of nodes in the cloud that are part of this autoscaled pool.

•Type: String

•Required: false

•Default value: <none>

The port number to use for each node in this autoscaled pool.

•Type: UInt

•Required: false

•Default value: "80"

The time period in seconds after the instigation of a re-size during which no further changes will be made to the pool size.

•Type: UInt

•Required: false

•Default value: "180"

The expected response time of the nodes in ms. This time is used as a reference when deciding whether a node's response time is conforming. All responses from all the nodes will be compared to this reference and the percentage of conforming responses is the base for decisions about scaling the pool up or down.

•Type: UInt

•Required: false

•Default value: "1000"

The fraction, in percent, of conforming requests above which the pool size is decreased. If the percentage of conforming requests exceeds this value, the pool is scaled down.

•Type: UInt

•Required: false

•Default value: "95"

The fraction, in percent, of conforming requests below which the pool size is increased. If the percentage of conforming requests drops below this value, the pool is scaled up.

•Type: UInt

•Required: false

•Default value: "40"

List of security group IDs to associate to the new EC2 instance.

•Type: Set(String)

•Required: false

•Default value: <none>

The identifier for the size of the instances to create.

•Type: String

•Required: false

•Default value: <none>

List of subnet IDs where the new EC2-VPC instance(s) will be launched. Instances will be evenly distributed among the subnets. If the list is empty, instances will be launched inside EC2-Classic.

•Type: Set(String)

•Required: false

•Default value: <none>

Properties for the "connection" section:

How long the pool should wait for a connection to a node to be established before giving up and trying another node.

•Type: UInt

•Required: false

•Default value: "4"

The maximum number of concurrent connections allowed to each back-end node in this pool per machine. A value of 0 means unlimited connections.

•Type: UInt

•Required: false

•Default value: <none>

The maximum number of connections that can be queued due to connections limits. A value of 0 means unlimited queue size.

•Type: UInt

•Required: false

•Default value: <none>

How long the pool should wait for a response from the node before either discarding the request or trying another node (retryable requests only).

•Type: UInt

•Required: false

•Default value: "30"

The maximum number of concurrent transactions allowed to each back-end node in this pool per machine. A value of 0 means unlimited transactions. Idle connections kept alive for reuse do not count against this limit. A transaction begins by allocating a connection for sending the request, and ends (for the purposes of queuing) after a complete response has been received from the node.

•Type: UInt

•Required: false

•Default value: <none>

The maximum time to keep a connection queued in seconds.

•Type: UInt

•Required: false

•Default value: "10"

Properties for the "dns_autoscale" section:

When enabled, the Traffic Manager will periodically resolve the hostnames in the "hostnames" list using a DNS query, and use the results to automatically add, remove or update the IP addresses of the nodes in the pool.

•Type: Boolean

•Required: false

•Default value: false

A list of hostnames which will be used for DNS-derived autoscaling

•Type: Set(String)

•Required: false

•Default value: <none>

The port number to use for each node when using DNS-derived autoscaling

•Type: UInt

•Required: false

•Default value: "80"

Properties for the "ftp" section:

Whether or not the backend IPv4 nodes understand the EPRT and EPSV command from RFC 2428. It is always assumed that IPv6 nodes support these commands.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "http" section:

Whether or not the pool should maintain HTTP keepalive connections to the nodes.

•Type: Boolean

•Required: false

•Default value: true

Whether or not the pool should maintain HTTP keepalive connections to the nodes for non-idempotent requests.

•Type: Boolean

•Required: false

•Default value: false

Properties for the "kerberos_protocol_transition" section:

The Kerberos principal the traffic manager should use when performing Kerberos Protocol Transition.

•Type: String

•Required: false

•Default value: <none>

The Kerberos principal name of the service this pool targets.

•Type: String

•Required: false

•Default value: <none>

Properties for the "load_balancing" section:

The load balancing algorithm that this pool uses to distribute load across its nodes.

•Type: Enum(String)

•Required: false

•Default value: "round_robin"

•Permitted values:

"fastest_response_time": The Response Time algorithm monitors the response times for recent requests to each node. It sends each new request to the node that has recently been responding the most quickly.

"least_connections": This algorithm sends each new request to the node with the fewest currently active connections.

"perceptive": The Perceptive algorithm uses a combination of response time data and connection counts to predict which node is likely to have the fastest response time for each request.

"random": This algorithm chooses a random node for each request.

"round_robin": This algorithm distributes traffic by assigning each request to a new node in turn.

"weighted_least_connections": This algorithm works in a similar way to the Least Connections algorithm, but assigns more requests to nodes with a greater 'weight'.

"weighted_round_robin": Weighted Round Robin works in a similar way to Round Robin, but assigns more requests to nodes with a greater 'weight'.

Enable priority lists.

•Type: Boolean

•Required: false

•Default value: false

Minimum number of highest-priority active nodes.

•Type: UInt

•Required: false

•Default value: "1"

Properties for the "node" section:

Close all connections to a node once we detect that it has failed.

•Type: Boolean

•Required: false

•Default value: false

The amount of time, in seconds, that a traffic manager will wait before re-trying a node that has been marked as failed by passive monitoring.

•Type: UInt

•Required: false

•Default value: "60"

Properties for the "service_discovery" section:

Are the nodes of this pool determined by a Service Discovery plugin? If yes, nodes will be automatically added and removed from the pool by the traffic manager.

•Type: Boolean

•Required: false

•Default value: false

The minimum time before rerunning the Service Discovery plugin

•Type: UInt

•Required: false

•Default value: "10"

The plugin script a Service Discovery autoscaled pool should use to retrieve the list of nodes.

•Type: String

•Required: false

•Default value: <none>

The arguments for the script specified in "service_discovery!plugin", e.g. a common instance tag, or name of a managed group of cloud instances.

•Type: String

•Required: false

•Default value: <none>

The maximum time a plugin should be allowed to run before timing out. Set to 0 for no timeout.

•Type: UInt

•Required: false

•Default value: <none>

Properties for the "smtp" section:

If we are encrypting traffic for an SMTP connection, should we upgrade to SSL using STARTTLS.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "ssl" section:

The SSL/TLS cipher suites to allow for connections to a back-end node. Leaving this empty will make the pool use the globally configured cipher suites, see configuration key ssl!cipher_suites in the Global Settings section of the System tab. See there for how to specify SSL/TLS cipher suites.

•Type: String

•Required: false

•Default value: <none>

Whether or not a suitable certificate and private key from the SSL Client Certificates catalog be used if the back-end server requests client authentication.

•Type: Boolean

•Required: false

•Default value: false

A list of names against which the 'common name' of the certificate is matched; these names are used in addition to the node's hostname or IP address as specified in the config file or added by the autoscaler process.

•Type: Set(String)

•Required: false

•Default value: <none>

The SSL elliptic curve preference list for SSL connections from this pool using TLS version 1.0 or higher. Leaving this empty will make the pool use the globally configured preference list. The named curves P256, P384 and P521 may be configured.

•Type: List(String)

•Required: false

•Default value: <none>

Whether or not the pool should encrypt data before sending it to a back-end node.

•Type: Boolean

•Required: false

•Default value: false

SSL protocol enhancements allow your traffic manager to prefix each new SSL connection with information about the client. This enables Pulse Secure Virtual Traffic Manager virtual servers referenced by this pool to discover the original client's IP address. Only enable this if you are using nodes for this pool which are Pulse Secure vTMs, whose virtual servers have the ssl_trust_magic setting enabled.

•Type: Boolean

•Required: false

•Default value: false

Whether or not TLS 1.3 middlebox compatibility mode as described in RFC 8446 appendix D.4 will be used in connections to pool nodes. Choosing the global setting means the value of configuration key ssl!middlebox_compatibility from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable use of middlebox compatibility

"enabled": Enable use of middlebox compatibility

"use_default": Use the global setting for use of middlebox compatibility

Whether or not to send an SSL/TLS "close alert" when initiating a socket disconnection.

•Type: Boolean

•Required: false

•Default value: true

Whether or not the software should use the TLS 1.0 server_name extension, which may help the back-end node provide the correct certificate. Enabling this setting will force the use of at least TLS 1.0.

•Type: Boolean

•Required: false

•Default value: false

Whether or not the SSL client cache will be used for this pool. Choosing the global setting means the value of the configuration key ssl!client_cache!enabled from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable use of the session cache

"enabled": Enable use of the session cache

"use_default": Use the global setting for use of the session cache

Whether or not SSL session tickets, including TLS >= 1.3 PSKs, will be used for this pool if the session cache is also enabled. Choosing the global setting means the value of the configuration key ssl!client_cache!tickets_enabled from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable use of session tickets

"enabled": Enable use of session tickets

"use_default": Use the global setting for use of session tickets

The SSL signature algorithms preference list for SSL connections from this pool using TLS version 1.2 or higher. Leaving this empty will make the pool use the globally configured preference list, signature_algorithms in the ssl section of the global_settings resource. See there and in the online help for how to specify SSL signature algorithms.

•Type: String

•Required: false

•Default value: <none>

An entry in the SSL client certificates catalog, containing a certificate and private key to be used whenever client authentication is requested. If set, this overrides server request parameters.

•Type: String

•Required: false

•Default value: <none>

Whether or not strict certificate verification should be performed. This will turn on checks to disallow server certificates that don't match the server name or a name in the ssl_common_name_match list, are self-signed, expired, revoked, or have an unknown CA.

•Type: Boolean

•Required: false

•Default value: false

Whether or not SSLv3 is enabled for this pool. Choosing the global setting means the value of the configuration key ssl!support_ssl3 from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable SSLv3

"enabled": Enable SSLv3

"use_default": Use the global setting for SSLv3

Whether or not TLSv1.0 is enabled for this pool. Choosing the global setting means the value of the configuration key ssl!support_tls1 from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable TLSv1.0

"enabled": Enable TLSv1.0

"use_default": Use the global setting for TLSv1.0

Whether or not TLSv1.1 is enabled for this pool. Choosing the global setting means the value of the configuration key ssl!support_tls1_1 from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable TLSv1.1

"enabled": Enable TLSv1.1

"use_default": Use the global setting for TLSv1.1

Whether or not TLSv1.2 is enabled for this pool. Choosing the global setting means the value of the configuration key ssl!support_tls1_2 from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable TLSv1.2

"enabled": Enable TLSv1.2

"use_default": Use the global setting for TLSv1.2

Whether or not TLSv1.3 is enabled for this pool. Choosing the global setting means the value of the configuration key ssl!support_tls1_3 from the Global Settings section of the System tab will be enforced.

•Type: Enum(String)

•Required: false

•Default value: "use_default"

•Permitted values:

"disabled": Disable TLSv1.3

"enabled": Enable TLSv1.3

"use_default": Use the global setting for TLSv1.3

Properties for the "tcp" section:

Whether or not Nagle's algorithm should be used for TCP connections to the back-end nodes.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "udp" section:

The IP addresses and ports from which responses to UDP requests should be accepted. If set to accept responses from a specific set of IP addresses, you will need to enter a CIDR Mask (such as 10.100.0.0/16).

•Type: Enum(String)

•Required: false

•Default value: "dest_only"

•Permitted values:

"all": Any IP address and any port.

"dest_ip_only": Only the IP address to which the request was sent, but from any port.

"dest_only": Only the IP address and port to which the request was sent.

"ip_mask": Only a specific set of IP addresses, but from any port.

The CIDR mask that matches IPs we want to receive responses from.

•Type: String

•Required: false

•Default value: <none>

Whether or not to output verbose logging.

•Type: Boolean

•Required: false

•Default value: false

Enable or disable this service protection class.

•Type: Boolean

•Required: false

•Default value: true

Log service protection messages at these intervals. If set to 0 no messages will be logged and no alerts will be sent.

•Type: UInt

•Required: false

•Default value: "60"

A description of the service protection class.

•Type: String

•Required: false

•Default value: <none>

A TrafficScript rule that will be run on the connection after the service protection criteria have been evaluated. This rule will be executed prior to normal rules configured for the virtual server.

•Type: Reference(config-trafficscript)

•Required: false

•Default value: <none>

Place the service protection class into testing mode. (Log when this class would have dropped a connection, but allow all connections through).

•Type: Boolean

•Required: false

•Default value: false

Properties for the "access_restriction" section:

Always allow access to these IP addresses. This overrides the connection limits for these machines, but does not stop other restrictions such as HTTP validity checks.

•Type: Set(String)

•Required: false

•Default value: <none>

Disallow access to these IP addresses.

•Type: Set(String)

•Required: false

•Default value: <none>

Properties for the "concurrent_connections" section:

Additional limit on maximum concurrent connections from the top 10 busiest connecting IP addresses combined. The value should be between 1 and 10 times the max_1_connections limit. (This limit is disabled if per_process_connection_count is No, or max_1_connections is 0, or min_connections is 0.)

•Type: UInt

•Required: false

•Default value: "200"

Maximum concurrent connections each connecting IP address is allowed. Set to 0 to disable this limit.

•Type: UInt

•Required: false

•Default value: "30"

Entry threshold for the max_10_connections limit: the max_10_connections limit is not applied to connecting IP addresses with this many or fewer concurrent connections. Setting to 0 disables both the max_1_connections and max_10_connections limits, if per_process_connection_count is Yes. (If per_process_connection_count is No, this setting is ignored.)

•Type: UInt

•Required: false

•Default value: "4"

Whether concurrent connection counting and limits are per-process. (Each Traffic Manager typically has several processes: one process per available CPU core.) If Yes, a connecting IP address may make that many connections to each process within a Traffic Manager. If No, a connecting IP address may make that many connections to each Traffic Manager as a whole.

•Type: Boolean

•Required: false

•Default value: true

Properties for the "connection_rate" section:

Maximum number of new connections each connecting IP address is allowed to make in the rate_timer interval. Set to 0 to disable this limit. If applied to an HTTP Virtual Server each request sent on a connection that is kept alive counts as a new connection. The rate limit is per process: each process within a Traffic Manager accepts new connections from the connecting IP address at this rate. (Each Traffic Manager typically has several processes: one process per available CPU core).

•Type: UInt

•Required: false

•Default value: <none>

How frequently the max_connection_rate is assessed. For example, a value of 1 (second) will impose a limit of max_connection_rate connections per second; a value of 60 will impose a limit of max_connection_rate connections per minute. The valid range is 1-99999 seconds.

•Type: UInt

•Required: false

•Default value: "60"

Properties for the "http" section:

Whether or not requests with poorly-formed URLs be should be rejected. This tests URL compliance as defined in RFC2396. Note that enabling this may block some older, non-conforming web browsers.

•Type: Boolean

•Required: false

•Default value: false

Maximum permitted length of HTTP request body data, set to 0 to disable the limit.

•Type: UInt

•Required: false

•Default value: <none>

Maximum permitted length of a single HTTP request header (key and value), set to 0 to disable the limit.

•Type: UInt

•Required: false

•Default value: <none>

Maximum permitted size of all the HTTP request headers, set to 0 to disable the limit.

•Type: UInt

•Required: false

•Default value: <none>

Maximum permitted URL length, set to 0 to disable the limit.

•Type: UInt

•Required: false

•Default value: <none>

Whether or not URLs and HTTP request headers that contain binary data (after decoding) should be rejected.

•Type: Boolean

•Required: false

•Default value: false

Requests that are associated with this rate class will be rate-shaped to this many requests per minute, set to 0 to disable the limit.

•Type: UInt

•Required: false

•Default value: <none>

Although requests will be rate-shaped to the max_rate_per_minute, the traffic manager will also rate limit per-second. This smooths traffic so that a full minute's traffic will not be serviced in the first second of the minute, set this to 0 to disable the per-second limit.

•Type: UInt

•Required: false

•Default value: <none>