F5 LTM Advanced application object
Defines the data necessary for Trust Protection Platform to provision certificates to current F5 Local Traffic Manager (LTM) Big-IP devices.
- Class Name: F5 LTM Advanced
- Driver Name: appf5ltmadvanced
- Inheritance: Parent class—Application Base and Parent class—Premium Driver Base
Attribute | UI | Required | Policy Definable | Default | Description |
---|---|---|---|---|---|
Advanced Settings Bundle Name | NA | No | No | NA | The name of the bundle file that Trust Protection Platform will provision to the F5 appliance when configured to perform mutual authentication settings. |
Advertised CA | Advertised CA File | No | Yes | NA | The name of the file containing CA certificates that the system advertises to clients as being trusted by the profile. This value is automatically generated and assigned by Trust Protection Platform. |
Archive Location | NA | No | No | /var/local/ucs | The path where the previous certificate and key will be archived prior to provisioning the new assets. |
Associate SSL Profile To | Associate SSL Profile To | No | Yes | NA | The setting to determine whether to associate an SSL profile to Virtual Server: |
Authentication Frequency | Frequency | No | Yes | Once | The frequency of authentication for an SSL/TLS session. By default the system authenticates the client (or server depending on the SSL Profile Type) once for an SSL/TLS session. It can also be configured to authenticate every time the session is reused. Valid values are: Once and Always. |
Build | NA | No | No | NA | An informational attribute set only by Trust Protection Platform. The build number of the iControl software retrieved from the F5 appliance the last time Trust Protection Platform successfully connected to it. |
Bundle Certificate | Bundle Certificates | No | Yes | NA | A value of 1 specifies that Trust Protection Platform should bundle applicable root and intermediate certificates with the end-entity certificate file when it is installed on the F5 appliance. |
Bundle Certificate Collection | Certificate Bundle | No | Yes | NA | Only required if Use Advanced Settings = 1. The Trust Protection Platform distinguished name of an F5 Authentication Bundle object. |
Certificate Chain Name | CA Chain File | Yes | Yes | NA | The filename of the chain file to be provisioned and associated with the SSL profile. This value is required when Install Chain File is 1. |
Certificate Name | Certificate and Key File | No | No | NA | An informational attribute set only by Trust Protection Platform. Read-only. The filename (without the extension) of the certificate and private keys. The driver automatically generates the name. |
Chain Traversal Depth | Chain Traversal Depth | No | Yes | 9 | The maximum number of certificates to be traversed in a client certificate chain. |
Client Authentication Certificate | Client Certificate | No | Yes | Ignore | The method used by the system for handling client certificates. Valid values are: Ignore, Require, and Request. |
Config Sync | Config Sync | No | Yes | 0 | A value of 1 specifies that Trust Protection Platform will synchronize the configuration between high availability peers after the certificate and private key are installed on an F5 appliance operating in HA mode. |
Connection Attempts | NA | No | No | NA | For internal use. |
CRL | NA | No | No | NA | An informational attribute set only by Trust Protection Platform. Not used. |
Delete Previous Cert and Key | Delete Previous Cert and Key | No | Yes | 0 | A value of 1 specifies that Trust Protection Platform should delete the previous certificate and private key if they exist and if they are not associated with another SSL profile on the F5 LTM application. |
Device Certificate | Device Certificate | No | No | 0 | A value of 1 specifies that Trust Protection Platform is provisioning the F5 iControl and console management certificate. |
File Validation Disabled | Disable File Validation | No | Yes | 0 | The setting for certificate file validation: |
Fips Key | Use FIPS | No | Yes | 0 | The way to generate and install the certificate and private key. The F5 appliance requires the Federal Information Processing Standard (FIPS) module. |
Force Profile Update | Force Profile Update | No | No | 0 | When the password changed since the last certificate provision: |
Install Chain File | Install Chain | No | Yes | 0 | A value of 1 specifies that Trust Protection Platform will install the chain onto the F5 appliance. |
Last Used Host | NA | No | No | NA | An informational attribute set only by Trust Protection Platform. Not used. |
Monitor Name | Monitor | Yes | No | NA | Required when Associate SSL Profile To is Monitor. The name of an existing F5 LTM Monitor that uses the SSL Profile. |
Monitor Partition | Monitor Partition | Yes | No | NA | Required when Associate SSL Profile To is Monitor. The partition name. The default is Common. |
Network Validation Disabled | Disable Network Validation | No | Yes | 0 | The setting for network validation: |
Overwrite Certificate | Overwrite Certificate and Key | No | Yes | 0 | A value of 1 specifies that Trust Protection Platform should overwrite the existing certificate and private key files when it provisions a certificate and private key to the F5 appliance. |
Overwrite Existing Chain | Overwrite Chain File | No | Yes | 0 | A value of 1 specifies that Trust Protection Platform will overwrite the existing certificate chain file when it provisions a certificate to the F5 appliance. If this value is not 1, Trust Protection Platform cannot provision certificates if there is an existing chain file on the F5 appliance. |
Parent SSL Profile Name | Parent SSL Profile | No | Yes | NA | The name of the F5 LTM parent profile that this profile will inherit default settings from. If no value is specified, the F5 LTM default profile will be used: clientssl for Client SSL profiles and serverssl for Server SSL profiles. |
Partition | SSL Partition | No | Yes | Common | The name of the partition in which the SSL profile and certificate exist. If not assigned, the Common partition is used. |
Previous Certificate | NA | No | No | NA | An informational attribute set only by Trust Protection Platform. Not used. |
Previous Key | NA | No | No | NA | An informational attribute set only by Trust Protection Platform. Not used. |
Provisioning To | Provisioning To | No | Yes | Standalone | The High Availability (HA) state that the F5 LTM must be in for Trust Protection Platform to provision to it. Valid values are: Standalone, Active, Standby, and Ignore Failover State. If the application is not in the configured state at the time provisioning is started, processing will fail and an error will be logged. |
Server Authentication Certificate | Server Certificate | No | Yes | Require | The manner in which the server SSL profile handles server certificates. Valid values are: Ignore and Require. |
Server Authentication Name | Authenticate Name | No | Yes | NA | The Common Name (CN) that is embedded in the server certificate. The F5 appliance authenticates a server based on the specified CN. |
SNI Default | SNI Default | No | No | 0 | |
SNI Server Name | SNI Server Name | No | No | NA | Works when SSL Profile Type is Client. The SNI Server name. |
SSH Port | SSH Port | No | Yes | 22 | The TCP port that Trust Protection Platform uses to communicate with the F5 appliance for operations that require an SSH connection. Port 22 is the recommended port. |
SSL Profile Name | SSL Profile | Yes | No | NA | Only required if Use Advanced Settings = 1. The name of the SSL profile the certificate and private key should be associated with. Trust Protection Platform will create the profile if it does not already exist. |
SSL Profile Type | SSL Profile Type | No | No | Client | The SSL profile type. Valid values are: Server and Client. |
System Id | NA | No | No | NA | The system information GUID returned by the F5 appliance the last time Trust Protection Platform successfully connected to it. |
Trusted CA | Trusted CA File | No | Yes | NA | The name of the bundle file containing CA certificates that the system trusts. This value is automatically generated and assigned by Trust Protection Platform. |
Use Advanced Settings | Use Advanced Settings | No | Yes | 0 | A value of 1 specifies that Trust Protection Platform should provision and configure items related to mutual authentication. Also requires Bundle Certificate Collection. |
Use Basic Provisioning | Use Basic Provisioning | No | Yes | 0 | A value of 1 specifies that Trust Protection Platform should limit its operations to simply provisioning certificate, private key, and chain. No advanced management will be performed. |
Use REST API | NA | No | Yes | 1 | Instructs the F5 LTM Advanced driver: |
Version | iControl Version | No | No | NA | An informational attribute set only by Trust Protection Platform. The version of the iControl software running on the F5 appliance. This value is assigned automatically by the driver when it successfully connects to the F5 appliance. |
Virtual Server Name | Virtual Server | Yes | Yes | NA | Required when Associate SSL Profile To is Virtual Server. The name of an existing F5 LTM Virtual Server that uses the SSL Profile. |
Virtual Server Partition | Virtual Server Partition | No | Yes | Common | The name of the partition in which the virtual server associated with the SSL profile exists. If not assigned, the Common partition is used. |
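
Several attributes above are only required when another attribute has a particular value, and several accept a fixed set of values. The following is an added example, not Trust Protection Platform or F5 code, that checks one attribute set against those rules and adds two review flags for the Ignore certificate modes. It assumes the attributes are available as a plain dictionary keyed by attribute name; the function name `lint_f5_attributes` and the sample values are hypothetical.

```python
# Added example, not Trust Protection Platform code. Assumption: the
# application's attributes are held in a plain dict keyed by attribute name.
VALID_VALUES = {
    "Authentication Frequency": {"Once", "Always"},
    "Client Authentication Certificate": {"Ignore", "Require", "Request"},
    "Provisioning To": {"Standalone", "Active", "Standby", "Ignore Failover State"},
    "Server Authentication Certificate": {"Ignore", "Require"},
    "SSL Profile Type": {"Server", "Client"},
}
# (trigger attribute, trigger value, attribute that must then be set)
REQUIRED_WHEN = [
    ("Install Chain File", "1", "Certificate Chain Name"),
    ("Use Advanced Settings", "1", "Bundle Certificate Collection"),
    ("Use Advanced Settings", "1", "SSL Profile Name"),
    ("Associate SSL Profile To", "Virtual Server", "Virtual Server Name"),
    ("Associate SSL Profile To", "Monitor", "Monitor Name"),
]
# Defaults from the table, needed to evaluate attributes that are left unset.
DEFAULTS = {"SSL Profile Type": "Client", "Client Authentication Certificate": "Ignore",
            "Server Authentication Certificate": "Require"}

def lint_f5_attributes(attrs):
    """Return a list of findings for one attribute dict (empty list = clean)."""
    eff = {**DEFAULTS, **attrs}
    findings = []
    for name, allowed in VALID_VALUES.items():
        if name in eff and eff[name] not in allowed:
            findings.append(f"{name}: {eff[name]!r} is not one of {sorted(allowed)}")
    for trigger, when, needed in REQUIRED_WHEN:
        if str(eff.get(trigger, "")) == when and not eff.get(needed):
            findings.append(f"{needed}: required when {trigger} is {when}")
    profile = eff["SSL Profile Type"]
    if profile == "Server" and eff["Server Authentication Certificate"] == "Ignore":
        findings.append("Server Authentication Certificate: Ignore on a Server "
                        "profile, so server certificates are not checked")
    if (profile == "Client" and str(eff.get("Use Advanced Settings", "0")) == "1"
            and eff["Client Authentication Certificate"] == "Ignore"):
        findings.append("Client Authentication Certificate: Ignore while Use "
                        "Advanced Settings is 1, so client certificates are not requested")
    return findings

# Constructed sample input (names such as vs_www are made up).
SAMPLE = {"SSL Profile Type": "Client", "Use Advanced Settings": "1",
          "SSL Profile Name": "www_clientssl", "Install Chain File": "1",
          "Authentication Frequency": "Sometimes",
          "Associate SSL Profile To": "Virtual Server", "Virtual Server Name": "vs_www"}

if __name__ == "__main__":
    for finding in lint_f5_attributes(SAMPLE):
        print(finding)
```
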