Forum Discussion

Blue_whale's avatar
Blue_whale
Icon for Cirrocumulus rankCirrocumulus
Dec 08, 2023

F5 login banner - GUI/CLI

Hello Team , 

I would like to set the login banner , Can you please confirm if the below command works ? Will this applicable for both GUI nad CLI banner ?

tmsh modify sys global-settings console-inactivity-timeout 900
tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
tmsh modify cli global-settings idle-timeout 15

 

 

  • Hi Sarovani,

    For the command help that you have asked please see below

    Task 1

    tmsh modify sys global-settings console-inactivity-timeout 900
    Task 2

    tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
    Task 3

    tmsh modify cli global-settings idle-timeout 15

    So in general here are the options available for SYS GOBAL-Settings options

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings
    Options:
    all-properties one-line
    non-default-properties |
    Properties:
    aws-access-key 
    aws-api-max-concurrency
    aws-secret-key 
    console-inactivity-timeout 
    custom-addr 
    description 
    failsafe-action
    file-blacklist-path-prefix
    file-blacklist-read-only-path-prefix
    file-local-path-prefix 
    file-whitelist-path-prefix 

    gui-audit
    gui-expired-cert-alert
    gui-security-banner
    gui-security-banner-text
    gui-setup
    host-addr-mode
    hostname
    hosts-allow-include
    lcd-display
    led-locator
    mgmt-dhcp

    net-reboot
    password-prompt
    quiet-boot
    remote-host
    ssh-max-session-limit
    ssh-max-se

    ssion-limit-per-user
    ssh-root-session-limit
    ssh-session-limit
    username-prompt

    TASK 1 (IN TMSH Mode)

    =======

    tmsh modify sys global-settings console-inactivity-timeout 900

    ======

    Please take ucs backup before making changes .

    First use list command to note the default settings in case you need to rever back or for your history purpose

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings console-inactivity-timeout
    sys global-settings {
    console-inactivity-timeout 0
    }

    The command you need in TMSH Mode

    list sys global-settings console-inactivity-timeout

    modify  sys global-settings console-inactivity-timeout 900

    Task 2 (IN TMSH Mode) - This will apply onnly on the GUI

    =======

    tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."

    Here you need to check 2 command that GUI Security Banner should be enabled if not you have to modify and make it enable also to use the second part of this command.

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner
    sys global-settings {
    gui-security-banner enabled
    }

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text
    sys global-settings {
    gui-security-banner-text "Welcome to the BIG-IP Configuration Utility.

    Log in with your username and password using the fields on the left."
    }

    Modify Command

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE"
    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)#

    Test /List again after changing banner

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text sys global-settings {
    gui-security-banner-text "THIS IS A TEST MACHINE"
    }

     

    TASK 3(IN TMSH Mode)

    =========

    tmsh modify cli global-settings idle-timeout 15

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list cli global-settings idle-timeout
    cli global-settings {
    idle-timeout disabled
    }

    list cli global-settings idle-timeout

    tmsh modify cli global-settings idle-timeout 15 

    So leftover task is to set a Banner for pre login and post login on CLI please refer the following 2 articles

    a pre-login or post-login message banner for the BIG-IP
    https://my.f5.com/manage/s/article/K6068


    Configure an advisory banner for the BIG-IP system
    https://my.f5.com/manage/s/article/K42313219

    Hope this helps

    🙏

     

     

2 Replies

  • Hi Sarovani,

    GUI Banner:

    tmsh modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE."

    CLI Banner:

    tmsh modify sys sshd banner enabled banner-text "THIS IS A TEST MACHINE."

    Impact of procedure: These changes may not be present after an upgrade or re-installation. Therefore, F5 does not officially recommend these changes. However, if the changes are required due to a security policy, ensure that the changes are verified after any upgrades. In addition, these changes may not propagate to HA peers and you must perform this procedure to all devices in the device group if required.

    REF: https://my.f5.com/manage/s/article/K6068

  • Hi Sarovani,

    For the command help that you have asked please see below

    Task 1

    tmsh modify sys global-settings console-inactivity-timeout 900
    Task 2

    tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
    Task 3

    tmsh modify cli global-settings idle-timeout 15

    So in general here are the options available for SYS GOBAL-Settings options

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings
    Options:
    all-properties one-line
    non-default-properties |
    Properties:
    aws-access-key 
    aws-api-max-concurrency
    aws-secret-key 
    console-inactivity-timeout 
    custom-addr 
    description 
    failsafe-action
    file-blacklist-path-prefix
    file-blacklist-read-only-path-prefix
    file-local-path-prefix 
    file-whitelist-path-prefix 

    gui-audit
    gui-expired-cert-alert
    gui-security-banner
    gui-security-banner-text
    gui-setup
    host-addr-mode
    hostname
    hosts-allow-include
    lcd-display
    led-locator
    mgmt-dhcp

    net-reboot
    password-prompt
    quiet-boot
    remote-host
    ssh-max-session-limit
    ssh-max-se

    ssion-limit-per-user
    ssh-root-session-limit
    ssh-session-limit
    username-prompt

    TASK 1 (IN TMSH Mode)

    =======

    tmsh modify sys global-settings console-inactivity-timeout 900

    ======

    Please take ucs backup before making changes .

    First use list command to note the default settings in case you need to rever back or for your history purpose

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings console-inactivity-timeout
    sys global-settings {
    console-inactivity-timeout 0
    }

    The command you need in TMSH Mode

    list sys global-settings console-inactivity-timeout

    modify  sys global-settings console-inactivity-timeout 900

    Task 2 (IN TMSH Mode) - This will apply onnly on the GUI

    =======

    tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."

    Here you need to check 2 command that GUI Security Banner should be enabled if not you have to modify and make it enable also to use the second part of this command.

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner
    sys global-settings {
    gui-security-banner enabled
    }

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text
    sys global-settings {
    gui-security-banner-text "Welcome to the BIG-IP Configuration Utility.

    Log in with your username and password using the fields on the left."
    }

    Modify Command

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE"
    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)#

    Test /List again after changing banner

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text sys global-settings {
    gui-security-banner-text "THIS IS A TEST MACHINE"
    }

     

    TASK 3(IN TMSH Mode)

    =========

    tmsh modify cli global-settings idle-timeout 15

    root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list cli global-settings idle-timeout
    cli global-settings {
    idle-timeout disabled
    }

    list cli global-settings idle-timeout

    tmsh modify cli global-settings idle-timeout 15 

    So leftover task is to set a Banner for pre login and post login on CLI please refer the following 2 articles

    a pre-login or post-login message banner for the BIG-IP
    https://my.f5.com/manage/s/article/K6068


    Configure an advisory banner for the BIG-IP system
    https://my.f5.com/manage/s/article/K42313219

    Hope this helps

    🙏