For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ShannonSeverijn's avatar
ShannonSeverijn
Icon for Nimbostratus rankNimbostratus
May 01, 2014

SNAT objects and changing timeout's via tmsh script

Can you edit the objects in the container all at once instead of going one by one? We have tons of objects spanning across numerous nodes and I would hate to have to edit the timeouts on each and every object one by one. Would take forever. Maybe there is a tmsh script somebody has as a template I can use?

 

Going to each and every object in the SNAT translation list just to change some TCP/UDP/IDLE timeouts in the GUI is very tedious.

 

Surely there has to be another way. FYI I am a newbie at scripting. And going through all 1583 pages of the tmsh reference guide is not an option right now.

 

Thanks in advance.

 

application delivery
LTM
management
TMSH

4 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 02, 2014

    this might not be the best way. Michael has written the following article on bigpipe. bigpipe is no longer available in 11.x but the concept is still applicable using tmsh.

    BIG-IP and Merge File Configuration Changes by Michael Yates

    https://devcentral.f5.com/articles/big-ip-and-merge-file-configuration-changes.U2MM01dhcdU

    e.g.

     initial configuration

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snat-translation all-properties
ltm snat-translation 1.1.1.1 {
    address 1.1.1.1
    app-service none
    arp enabled
    connection-limit 0
    description none
    enabled
    inherited-traffic-group true
    ip-idle-timeout indefinite
    partition Common
    tcp-idle-timeout indefinite
    traffic-group traffic-group-1
    udp-idle-timeout indefinite
    unit 1
}

 modify by merging

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) load sys config from-terminal merge
Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
ltm snat-translation 1.1.1.1 {
    address 1.1.1.1
    app-service none
    arp enabled
    connection-limit 0
    description none
    enabled
    inherited-traffic-group true
    ip-idle-timeout 300
    partition Common
    tcp-idle-timeout 300
    traffic-group traffic-group-1
    udp-idle-timeout 60
    unit 1
}
Loading configuration...

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snat-translation
ltm snat-translation 1.1.1.1 {
    address 1.1.1.1
    ip-idle-timeout 300
    tcp-idle-timeout 300
    traffic-group traffic-group-1
    udp-idle-timeout 60
}
  • ShannonSeverijn's avatar
    ShannonSeverijn
    Icon for Nimbostratus rankNimbostratus
    May 02, 2014

    Nitass,

     

    Thank you for the response and the script syntax. This is what I was looking for however I wanted to change all of the SNAT object time-outs in a batch type job. We have hundreds of SNAT pool objects that need to be changed and I just wondered if there was a way to do them all at once at one time since the timeout values will all be the same on all the objects.

     

    I'm guessing there is a way however it would take someone very fluent in tmsh scripting and F5 to help in this capacity and I don't know if that person will read this request and answer.

     

    But I very much appreciate your response and the sample script you provided.

     

    Thank you very much sincerely.

     

    Shannon

     

  • ShannonSeverijn's avatar
    ShannonSeverijn
    Icon for Nimbostratus rankNimbostratus
    May 02, 2014

    Do I need to do anything else after I "CTRL-D" the config edits guys? You know like in cisco with a "wr" or "copy run start" etc??

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 03, 2014

    Do I need to do anything else after I "CTRL-D" the config edits guys? You know like in cisco with a "wr" or "copy run start" etc??

     

    yes, it is in running configuration. you need "tmsh save sys config" to write it to configuration file.