Manual Chapter: Setting Timers with Service Policies

Setting Timers with Service Policies

Creating and Applying Service Policies

Introduction to service policies

A service policy collects flow timer and flow timeout features in a policy that can be applied to different contexts.

Service policies serve two purposes:

  • To apply a custom FIN timeout that differs from the system FIN timeout to flows on a specific context and in a specific policy.
  • To apply a custom idle timeout that differs from the system timeout on a specific context and in a specific policy.

A service policy can be applied on a route domain, self IP, or in a firewall rule.

Creating a timer policy

Create a timer policy to set custom timeouts for self IPs, route domains, firewall rules, or firewall rule lists.
  1. Click Network > Service Policies > Timer Policies.
  2. Click Create.
    The New Timer Policy screen opens.
  3. Type a name for the timer policy.
  4. Type an optional description for the timer policy.
  5. To save the timer policy and add timer rules, click Create & Add Rule.
    The New Rule screen opens.
  6. Type a name for the rule.
  7. From the Protocol list, select a protocol.
  8. From the Idle Timeout list, select the timeout option for the selected protocol.
    • Select Specify... to specify the timeout for this protocol, in seconds.
    • Select Immediate to immediately apply this timeout to the protocol.
    • Select Indefinite to specify that this protocol never times out.
    • Select Unspecified to specify no timeout for the protocol. When this is selected, the default timeout for the protocol is used.
  9. Click Finished to save the timer policy rule.
The timer policy is now configured to apply to traffic with this protocol type.
Select the timer policy in a service policy, and apply the service policy to a self IP, route domain, firewall rule, or firewall rule list.
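
An offline review of the Idle Timeout options described above, as an added example that is not F5 code or part of the original manual: it resolves each rule to an effective timeout and flags rules that never expire or that exceed a review threshold. The `TimerRule` model, the default values, and the threshold are assumptions for illustration, as is modelling Immediate as zero seconds.

```python
from dataclasses import dataclass
from typing import Optional
# Assumed values, not taken from the manual: replace with your system's defaults.
ASSUMED_DEFAULTS = {"tcp": 300, "udp": 60}   # used for "Unspecified"
REVIEW_ABOVE = 3600                          # hypothetical local review threshold (s)

@dataclass
class TimerRule:                 # constructed model of one timer policy rule
    name: str
    protocol: str
    idle_timeout: str            # specify | immediate | indefinite | unspecified
    seconds: Optional[int] = None

def effective_timeout(rule: TimerRule) -> Optional[int]:
    """Idle timeout in seconds; None means the flow never times out."""
    option = rule.idle_timeout.lower()
    if option == "specify":
        if rule.seconds is None or rule.seconds < 0:
            raise ValueError("Specify... needs a timeout in seconds")
        return rule.seconds
    if option == "immediate":
        return 0                 # assumption: modelled as a zero-second timeout
    if option == "indefinite":
        return None
    if option == "unspecified":  # falls back to the protocol default
        return ASSUMED_DEFAULTS[rule.protocol]
    raise ValueError(f"unknown idle timeout option {rule.idle_timeout!r}")

def audit(rules):
    """Return (rule name, finding) pairs for rules that deserve a second look."""
    findings = []
    for rule in rules:
        try:
            timeout = effective_timeout(rule)
        except (ValueError, KeyError) as exc:  # KeyError: no assumed default
            findings.append((rule.name, f"invalid: {exc}"))
            continue
        if timeout is None:
            findings.append((rule.name, "never-expires"))
        elif timeout > REVIEW_ABOVE:
            findings.append((rule.name, f"long-timeout: {timeout}s"))
    return findings

SAMPLE_RULES = [                 # constructed sample, not from a real device
    TimerRule("web_tcp", "tcp", "specify", 120),
    TimerRule("legacy_tcp", "tcp", "indefinite"),
    TimerRule("bulk_tcp", "tcp", "specify", 86400),
    TimerRule("dns_udp", "udp", "unspecified"),
    TimerRule("broken", "tcp", "specify"),
]
```

Running `audit(SAMPLE_RULES)` reports `legacy_tcp`, `bulk_tcp`, and `broken`; the other two rules resolve to finite timeouts below the threshold.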

Creating a service policy

Create a service policy to apply custom timer policies to self IPs, route domains, firewall rules, or firewall rule lists.
  1. Click Network > Service Policies.
  2. Click Create.
    The New Service Policy screen opens.
  3. Type a name for the service policy.
  4. Type an optional description for the service policy.
  5. To enable a timer policy in the service policy, in the Timer Policy area, click Enabled.
  6. From the list, select a timer policy to use in the service policy. The Timer Policy Rules area shows the timer policy rules for the selected timer policy.
  7. Click Finished to save the service policy and return to the service policies list screen.
The selected self IP now enforces or stages rules according to your selections.

Applying a service policy to a firewall rule

Apply a service policy to a firewall rule to apply custom timers to traffic matched by the firewall rule.
  1. Click Security > Network Firewall > Active Rules.
  2. Select the service policy.
    • With the Inline Rules Editor: If you are using the inline rules editor, click in a rule to edit it, and select a service policy in the Action column.
    • With the standard rules editor: If you are using the standard rules editor, click a rule name and select a service policy from the Service Policy list.
  3. Update the rule, or commit your changes.
  4. Compile and deploy the changes, if you compile and deploy manually.
When the rule is compiled and deployed, the timeouts defined in the service policy are applied to the rule.

Applying a service policy to a virtual server

Apply a service policy to a virtual server to use a timer policy.
  1. On the Main tab, click Local Traffic > Virtual Servers.
    The Virtual Server List screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. In the Destination Address field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix.
  5. In the Service Port field, type a port number or select a service name from the Service Port list.
  6. From the Service Policy list, select the service policy.
  7. Configure any other settings as needed.
  8. Click Finished.
The service policy is now associated with the virtual server, and the timer policy is applied to sessions on the virtual server.

Applying a service policy to a route domain

Apply a service policy to a route domain to apply custom timers to traffic that uses the route domain.
  1. On the Main tab, click Network > Route Domains.
    The Route Domain List screen opens.
  2. In the Name column, click the name of the relevant route domain.
  3. Click the route domain to which you will apply the service policy.
  4. From the Service Policy list, select the service policy to apply to the route domain.
  5. Click Update.
Traffic on the route domain that matches the rules defined in the service policy now uses the timeouts defined in the timer policy.

Applying a service policy to a self IP

Apply a service policy to a self IP to apply custom timers to traffic that uses the self IP address.
  1. On the Main tab, click Network > Self IPs.
  2. In the Name column, click the self IP address that you want to modify.
    The properties of the self IP address display.
  3. Click the self IP to which you will apply the service policy.
  4. From the Service Policy list, select the service policy to apply to the self IP.
  5. Click Update.
Traffic on the self IP that matches the rules defined in the service policy now uses the timeouts defined in the timer policy.