
Manual Chapter: Shared Objects

Shared Objects panel

The Shared Objects panel displays properties for the following shared objects:

Address lists
Collections of IPv4 or IPv6 addresses or subnets saved on a server and used in firewall rules. A firewall rule matches this list against the source or destination addresses of IP packets.
Port lists
Collections of ports and/or port ranges that can be referenced from firewall rules. As with address lists, the firewall rule matches the ports in a port list against those in network packets.
Schedules
Schedules are assigned to firewall rules to control when rules or rule lists are active. Schedules specify when to apply a firewall rule.

Click the banner for the shared object type to expand the list of objects of that type.

To add a shared object, hover over the header of the type of shared object you want to add and click the (+) icon. Then click the (?) help icon in the top right corner for help about adding that type of object.

To display properties for a shared object, hover over the name of the shared object whose properties you want to view and click the gear icon. Then click the (?) help icon in the top right corner of the interface to get help about the shared object and object properties.

Address lists

An address list is a collection of IPv4 or IPv6 addresses or subnets saved on a server.

Address lists are used by firewall rules to allow or deny access to specific IP addresses in IP packets. Firewall rules compare all addresses in the list to either the source or the destination IP address (in IP packets), depending on how the list is applied. If there is a match, the rule takes an action, such as accepting or dropping the packet.

Note: Click the Address Lists header to toggle the list of address lists open and closed.

Using the Shared Objects Address Lists panel, you can:

  • Add a new address list. Hover in the Address Lists header and click the (+) icon. In the flyout, populate the property fields as required. When you are finished, click Add.
  • Create an address list that contains a single address. You cannot create an empty address list.
  • Modify an address list. Click an address list name to open the Address List Properties flyout. You can edit all properties except Partition.

    When modifying an address list, click Tab to advance from field to field. When finished, click Add or Save.

  • Remove an address list. Hover over the address list name and when the gear icon appears, click it. From the flyout, click Remove.

    If the address list is in use by a policy, rule, or rule list, a popup screen appears informing you. You cannot remove address lists that are in use. Click OK to acknowledge this message. If the address list can be removed, a popup screen appears confirming the removal. Click OK to confirm.

  • Clone an address list. Hover over the address list that you want to duplicate, click the gear icon, and click Clone. A copy of the address list appears with a blank name field. Enter a unique name for the new address list and click Add. The new address list is added to the existing list of address lists.
  • Add an address list to a firewall. Open the firewall and from the Shared Objects panel, drag the address list onto the firewall.
  • Add an address to an address list. Click an address list name to open the Address List Properties flyout. Then, click the (+) icon to the right of an address.
  • Delete an address in an address list. Click an address list name to open the Address List Properties flyout. Then, click the X icon to the right of the address you want to delete.

You can define one or more reusable lists of addresses, and you can select one or more address lists to be included in a firewall rule.

Note: For address names that are longer than the display field, hover over the name to see the full name displayed in the tooltip.

Click Cancel to cancel and close the flyout.

Address List Properties

Name
Text field accepting up to 128 characters.
Description
(Optional) Text field accepting up to 128 characters and used to describe the address list.
Partition
Informational, read-only field.
Addresses
IPv4 or IPv6 address and optional description. The description is a text field accepting up to 128 characters and used to describe the address.

The format for an IPv4 address is a.b.c.d[/prefix]. For example: 60.63.10.10

The format for an IPv6 address is a:b:c:d:e:f:g:h[/prefix]. For example: 2001:db7:3f4a:9dd:ca90:ff00:42:8329

IPv6 abbreviated form is supported.

You can shorten IPv6 addresses by eliminating leading zeros from each field. For example, you can shorten 2001:0db7:3f4a:09dd:ca90:ff00:0042:8329 to 2001:db7:3f4a:9dd:ca90:ff00:42:8329.

You can also shorten IPv6 addresses by removing the longest contiguous field of zeros. For example, you can shorten 2001:0:0:0:c34a:0:23ff:678 to 2001::c34a:0:23ff:678. The Traffic Management Shell (tmsh) accepts any valid text representation of IPv6 addresses, as defined in RFC 2373. For information about RFC 2373, see rfc2373.txt

You can specify subnets using forward slash (/) notation; for example: 60.63.10.0/24. An example of an IPv6 subnet follows: 2001:db8:a::/64.

You can specify the route domain as well. For example: 255.255.255.0%/24

Port lists

Port lists are lists of ports and/or port ranges that can be referred to from firewall rules. Firewall rules refer to port lists to allow or deny access to specific ports in IP packets. They compare a packet's source port and/or destination port with the ports in a port list. If there is a match, the rule takes an action, such as accepting or dropping the packet.

Note: Click the Port Lists header to toggle the list of port lists open and closed.

Using the Shared Objects Port Lists panel, you can:

  • Add a new port list. Hover in the Port Lists header and when the (+) icon appears, click it. In the flyout, type the property fields as required. When you are finished, click Add.
  • Create a port list that contains a single port. You cannot create an empty port list.
  • Modify a port list. Click a port list name to open the Port List Properties flyout. You can edit all properties except Partition.

    When modifying a port list, click Tab to advance from field to field. When finished, click Add or Save.

  • Remove a port list. Hover over the port list name and when the gear appears, click it. From the flyout, click Remove.

    If the port list is in use by a policy, rule, or rule list, a popup screen appears informing you. You cannot remove port lists that are in use. Click OK to acknowledge this message. If the port list can be removed, you will receive a popup screen requesting that you confirm the removal. Click OK to confirm.

  • Clone a port list. Hover over the port list that you want to duplicate, click the gear icon, and then click Clone. A copy of the port list appears with a blank name field. Enter a unique name for the new port list and click Add. The new port list is added to the existing list of port lists.
  • Add a port list to a firewall. Open the firewall and from the Shared Objects panel, drag the port list onto the firewall.
  • Add a port to a port list. Click a port list name to open the Port List Properties flyout. Then, click the (+) icon to the right of a port.
  • Delete a port in a port list. Click a port list name to open the Port List Properties flyout. Then, click the X icon to the right of the port you want to delete.

You can define one or more reusable lists of ports, and you can select one or more port lists to be included in a firewall rule.

Note: For port list names that are longer than the display field, hover over the name to see the full name displayed in the tooltip.

Click Cancel to cancel and close the flyout.

Port list properties

Name
The text field accepts up to 128 characters.
Description
The text field accepts up to 128 characters.
Partition
Informational, read-only field.
Ports
Port or port ranges and (optional) description. Specify port ranges with a dash between the two ends of the range (for example: 80-88). You can add an (optional) description for each port or port range. The description is a text field accepting up to 128 characters and used to describe the port or range of ports.
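
The following added example (not part of the original manual or the product's code) validates address-list and port-list entries in the formats described above and checks a packet's address and port against them, the way the Address lists and Port lists sections describe rule matching. Assumptions of this example: ports run from 1 to 65535, host bits under a prefix are rejected, and route-domain suffixes are not handled; all function names are hypothetical.

```python
import ipaddress

def parse_address(entry):
    """Parse a.b.c.d[/prefix] or an IPv6 address[/prefix] into a network."""
    if "%" in entry:
        # Route-domain suffixes are not modelled in this example.
        raise ValueError(f"route domain not handled here: {entry!r}")
    # strict=True rejects host bits under a prefix (e.g. 60.63.10.10/24);
    # an assumption of this example, used to flag likely typos.
    return ipaddress.ip_network(entry.strip(), strict=True)

def parse_port(entry):
    """Parse a single port or a dash-separated range into (low, high)."""
    low, dash, high = entry.strip().partition("-")
    low = int(low)
    high = int(high) if dash else low
    if not 1 <= low <= high <= 65535:  # assumed valid port range
        raise ValueError(f"invalid port or range: {entry!r}")
    return low, high

def invalid_entries(entries, parser):
    """Return (entry, error) pairs; an empty list is itself an error."""
    if not entries:
        raise ValueError("a list must contain at least one entry")
    bad = []
    for entry in entries:
        try:
            parser(entry)
        except ValueError as exc:
            bad.append((entry, str(exc)))
    return bad

def address_in_list(address_list, packet_address):
    """True if the packet address falls inside any entry of the list."""
    addr = ipaddress.ip_address(packet_address)
    nets = (parse_address(e) for e in address_list)
    return any(n.version == addr.version and addr in n for n in nets)

def port_in_list(port_list, packet_port):
    """True if the packet port equals a port or lies within a range."""
    return any(lo <= packet_port <= hi for lo, hi in map(parse_port, port_list))

# Constructed sample lists, using the formats shown on the page.
ADDRESSES = ["60.63.10.0/24", "2001:db8:a::/64",
             "2001:0db7:3f4a:09dd:ca90:ff00:0042:8329"]
PORTS = ["80-88", "443"]

if __name__ == "__main__":
    print(invalid_entries(ADDRESSES + ["60.63.10.10/24"], parse_address))
    print(address_in_list(ADDRESSES, "60.63.10.10"), port_in_list(PORTS, 85))
```

Because entries are parsed rather than compared as text, the full and abbreviated IPv6 forms of the same address match each other.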

Schedules

Schedules are assigned to rules, rule lists, and policies to control when these shared objects are actively evaluated.

By default, all rules, rule lists, and policies are on a continuously active schedule. Schedules are continuously active if created without any scheduling specifics (such as the hour that the schedule starts). If you apply a schedule to a rule, rule list, or policy, you can reduce the time that the rule, rule list, or policy is active.

To add a schedule from the New Schedule panel, populate the property fields as required. When you are finished, click Add.

To edit a schedule, hover over the schedule name and click the gear icon. From the flyout, edit the property fields. Click Tab to advance from field to field. When you are finished, click Save.

To duplicate a schedule, hover over the schedule that you want to copy and when the gear appears, click it. Click Clone. A copy of the schedule appears with a blank name field. Enter a unique name for the new schedule and click Add. The new schedule is added to the existing list of schedules.

To remove a schedule, hover over the schedule name and when the gear appears, click it. From the flyout, click Remove.

If the schedule is being used by a policy, rule, or rule list, a popup screen appears informing you. You cannot remove shared objects that are in use. Click OK to acknowledge this message. If the shared object can be removed, a popup screen appears confirming the removal. Click OK to confirm.

Click Cancel to cancel an operation and close the flyout.

Schedule properties

Name
Required. Accepts up to 128 characters.
Description
Optional. Accepts up to 128 characters.
Partition
Informational, read-only. Cannot be edited.
Date Range
Click the first field to display a calendar popup screen and select a start date. Click the second field to display a calendar and select an end date. You can specify:
  • Start date and no end date. The equivalent on the BIG-IP system is After, which specifies that the schedule starts after the specified date and runs indefinitely. The schedule is activated starting on the selected date and runs until you change the start date or delete the schedule. Click in the field to choose a start date from a popup calendar. You can specify a start time in the same popup.
  • End date and no start date. The equivalent on the BIG-IP system is Until, which specifies that the schedule starts immediately and runs until a specified end date. The schedule is immediately activated and not disabled until the end date is reached. Click in the field to choose an end date from a popup calendar. You can specify an end time in the same popup screen.
  • Both a start date and an end date. The equivalent on the BIG-IP system is Between, which specifies that the schedule starts on the specified date and runs until the specified end date. Click in the fields to choose the start and end dates from a popup calendar. You can specify start and end times in the same popup.
  • Neither a start date nor an end date. The equivalent on the BIG-IP system is Indefinite, which specifies that the schedule starts immediately and runs indefinitely. The schedule remains active until you change the date range or delete the schedule.

Using the GUI to specify the start and end dates and times is the preferred method. However, if you do specify dates manually, use the format: YYYY-MM-DD HH:MM:SS.

Time Span
Time is specified in military time format: HH:MM. You can specify time manually or click in the fields and use the Choose Time popup screen.

Click the first time span field and use the sliders to specify a start time in the popup screen.

Click the second time span field and use the sliders to specify an end time in the popup screen.

If you leave these fields blank, the schedule runs all day, which is the default on the BIG-IQ Security system and on BIG-IP devices. (This option is explicitly called All Day on BIG-IP devices.)
Day
Select check boxes for all that apply. You must select at least one day per week.

Click Done to save any changes and close the popup screens.

Click Add at the top of the flyout to add a new schedule or Save to save changes to an existing schedule.
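
The following added example (not part of the original manual or the product's code) models the schedule properties above so you can check whether a rule bound to a schedule would be evaluated at a given moment. Assumptions of this example: the date range, day, and time span must all be satisfied together, bounds are inclusive, and a time span does not cross midnight; the function names and the sample schedule are hypothetical.

```python
from datetime import datetime

DATE_FMT = "%Y-%m-%d %H:%M:%S"  # manual-entry format given on the page
DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")

def date_range_mode(start, end):
    """Name the BIG-IP equivalent of a Date Range (either end may be None)."""
    if start and end:
        return "Between"
    if start:
        return "After"
    return "Until" if end else "Indefinite"

def parse_schedule(start=None, end=None, span=None, days=DAYS):
    """Validate the schedule fields and return them in normalized form."""
    s = datetime.strptime(start, DATE_FMT) if start else None
    e = datetime.strptime(end, DATE_FMT) if end else None
    if s and e and e <= s:
        raise ValueError("end date must be after start date")
    if not days or not set(days) <= set(DAYS):
        raise ValueError("select at least one valid day")
    if span:  # ("HH:MM", "HH:MM"); leaving it blank means all day
        span = tuple(datetime.strptime(t, "%H:%M").time() for t in span)
        if span[0] >= span[1]:
            raise ValueError("spans across midnight are not modelled here")
    return {"mode": date_range_mode(s, e), "start": s, "end": e,
            "span": span, "days": set(days)}

def is_active(sched, now):
    """True when `now` satisfies the date range, day, and time span."""
    if sched["start"] and now < sched["start"]:
        return False
    if sched["end"] and now > sched["end"]:
        return False
    if DAYS[now.weekday()] not in sched["days"]:
        return False
    if sched["span"]:
        return sched["span"][0] <= now.time() <= sched["span"][1]
    return True

# Constructed sample: a weekend maintenance window during March 2024.
WINDOW = parse_schedule("2024-03-01 00:00:00", "2024-03-31 23:59:59",
                        span=("01:00", "05:00"), days=("Sat", "Sun"))

if __name__ == "__main__":
    print(WINDOW["mode"], is_active(WINDOW, datetime(2024, 3, 2, 2, 0)))
```

Calling `parse_schedule()` with no arguments yields the Indefinite, all-day, every-day schedule, which corresponds to the continuously active default described at the start of this section.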
