CirrocumulusF5 login banner - GUI/CLI
Hello Team ,
I would like to set the login banner , Can you please confirm if the below command works ? Will this applicable for both GUI nad CLI banner ?
tmsh modify sys global-settings console-inactivity-timeout 900
tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
tmsh modify cli global-settings idle-timeout 15
Hi Sarovani,
For the command help that you have asked please see below
Task 1
tmsh modify sys global-settings console-inactivity-timeout 900
Task 2tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
Task 3tmsh modify cli global-settings idle-timeout 15
So in general here are the options available for SYS GOBAL-Settings options
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings
Options:
all-properties one-line
non-default-properties |
Properties:
aws-access-key
aws-api-max-concurrency
aws-secret-key
console-inactivity-timeout
custom-addr
description
failsafe-action
file-blacklist-path-prefix
file-blacklist-read-only-path-prefix
file-local-path-prefix
file-whitelist-path-prefixgui-audit
gui-expired-cert-alert
gui-security-banner
gui-security-banner-text
gui-setup
host-addr-mode
hostname
hosts-allow-include
lcd-display
led-locator
mgmt-dhcpnet-reboot
password-prompt
quiet-boot
remote-host
ssh-max-session-limit
ssh-max-session-limit-per-user
ssh-root-session-limit
ssh-session-limit
username-promptTASK 1 (IN TMSH Mode)
=======
tmsh modify sys global-settings console-inactivity-timeout 900
======
Please take ucs backup before making changes .
First use list command to note the default settings in case you need to rever back or for your history purpose
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings console-inactivity-timeout
sys global-settings {
console-inactivity-timeout 0
}The command you need in TMSH Mode
list sys global-settings console-inactivity-timeout
modify sys global-settings console-inactivity-timeout 900
Task 2 (IN TMSH Mode) - This will apply onnly on the GUI
=======
tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
Here you need to check 2 command that GUI Security Banner should be enabled if not you have to modify and make it enable also to use the second part of this command.
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner
sys global-settings {
gui-security-banner enabled
}root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text
sys global-settings {
gui-security-banner-text "Welcome to the BIG-IP Configuration Utility.Log in with your username and password using the fields on the left."
}Modify Command
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE"
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)#Test /List again after changing banner
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text sys global-settings {
gui-security-banner-text "THIS IS A TEST MACHINE"
}TASK 3(IN TMSH Mode)
=========
tmsh modify cli global-settings idle-timeout 15
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list cli global-settings idle-timeout
cli global-settings {
idle-timeout disabled
}list cli global-settings idle-timeout
tmsh modify cli global-settings idle-timeout 15
So leftover task is to set a Banner for pre login and post login on CLI please refer the following 2 articles
a pre-login or post-login message banner for the BIG-IP
https://my.f5.com/manage/s/article/K6068
Configure an advisory banner for the BIG-IP system
https://my.f5.com/manage/s/article/K42313219Hope this helps
š
ā
