F5 login banner - GUI/CLI

Hi Sarovani,

For the command help that you have asked please see below

Task 1

tmsh modify sys global-settings console-inactivity-timeout 900
Task 2

tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
Task 3

tmsh modify cli global-settings idle-timeout 15

So in general here are the options available for SYS GOBAL-Settings options

root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings
Options:
all-properties one-line
non-default-properties |
Properties:
aws-access-key 
aws-api-max-concurrency
aws-secret-key 
console-inactivity-timeout 
custom-addr 
description 
failsafe-action
file-blacklist-path-prefix
file-blacklist-read-only-path-prefix
file-local-path-prefix 
file-whitelist-path-prefix 

gui-audit
gui-expired-cert-alert
gui-security-banner
gui-security-banner-text
gui-setup
host-addr-mode
hostname
hosts-allow-include
lcd-display
led-locator
mgmt-dhcp

net-reboot
password-prompt
quiet-boot
remote-host
ssh-max-session-limit
ssh-max-se

ssion-limit-per-user
ssh-root-session-limit
ssh-session-limit
username-prompt

TASK 1 (IN TMSH Mode)

=======

tmsh modify sys global-settings console-inactivity-timeout 900

======

Please take ucs backup before making changes .

First use list command to note the default settings in case you need to rever back or for your history purpose

root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings console-inactivity-timeout
sys global-settings {
console-inactivity-timeout 0
}

The command you need in TMSH Mode

list sys global-settings console-inactivity-timeout

modify  sys global-settings console-inactivity-timeout 900

Task 2 (IN TMSH Mode) - This will apply onnly on the GUI

=======

tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."

Here you need to check 2 command that GUI Security Banner should be enabled if not you have to modify and make it enable also to use the second part of this command.

root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner
sys global-settings {
gui-security-banner enabled
}

root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text
sys global-settings {
gui-security-banner-text "Welcome to the BIG-IP Configuration Utility.

Log in with your username and password using the fields on the left."
}

Modify Command

root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE"
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)#

Test /List again after changing banner

root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text sys global-settings {
gui-security-banner-text "THIS IS A TEST MACHINE"
}

TASK 3(IN TMSH Mode)

=========

tmsh modify cli global-settings idle-timeout 15

root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list cli global-settings idle-timeout
cli global-settings {
idle-timeout disabled
}

list cli global-settings idle-timeout

tmsh modify cli global-settings idle-timeout 15 

So leftover task is to set a Banner for pre login and post login on CLI please refer the following 2 articles

a pre-login or post-login message banner for the BIG-IP
https://my.f5.com/manage/s/article/K6068

Configure an advisory banner for the BIG-IP system
https://my.f5.com/manage/s/article/K42313219

Hope this helps

🙏