f5networks / f5networks.f5_modules / 1.28.0 / module / bigip_virtual_server Manage LTM virtual servers on a BIG-IP | "added in version" 1.0.0 of f5networks.f5_modules" Authors: Tim Rupp (@caphrim007), Wojciech Wypior (@wojtek0806), Nitin Khanna (@nitinthewiz)f5networks.f5_modules.bigip_virtual_server (1.28.0) — module
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections: - name: f5networks.f5_modules version: 1.28.0
Manage LTM virtual servers on a BIG-IP system.
- name: Modify Port of the Virtual Server bigip_virtual_server: state: present partition: Common name: my-virtual-server port: 8080 provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Delete virtual server bigip_virtual_server: state: absent partition: Common name: my-virtual-server provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Add virtual server bigip_virtual_server: state: present partition: Common name: my-virtual-server destination: 10.10.10.10 port: 443 pool: my-pool snat: Automap description: Test Virtual Server profiles: - http - fix - name: clientssl context: server-side - name: ilx context: client-side policies: - my-ltm-policy-for-asm - ltm-uri-policy - ltm-policy-2 - ltm-policy-3 enabled_vlans: - /Common/vlan2 provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Add FastL4 virtual server bigip_virtual_server: destination: 1.1.1.1 name: fastl4_vs port: 80 profiles: - fastL4 state: present provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Add iRules to the Virtual Server bigip_virtual_server: name: my-virtual-server irules: - irule1 - irule2 provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Remove one iRule from the Virtual Server bigip_virtual_server: name: my-virtual-server irules: - irule2 provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Remove all iRules from the Virtual Server bigip_virtual_server: name: my-virtual-server irules: "" provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Remove pool from the Virtual Server bigip_virtual_server: name: my-virtual-server pool: "" provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Add metadata to virtual bigip_virtual_server: name: my-virtual-server partition: Common metadata: ansible: 2.4 updated_at: 2017-12-20T17:50:46Z provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost
- name: Add virtual with two profiles bigip_virtual_server: name: my-virtual-server partition: Common profiles: - http - tcp provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost
- name: Remove HTTP profile from previous virtual bigip_virtual_server: name: my-virtual-server partition: Common profiles: - tcp provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost
- name: Add the HTTP profile back to the previous virtual bigip_virtual_server: name: my-virtual-server partition: Common profiles: - http - tcp provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost
- name: Add virtual server with rate limit bigip_virtual_server: state: present partition: Common name: my-virtual-server destination: 10.10.10.10 port: 443 pool: my-pool snat: Automap description: Test Virtual Server profiles: - http - fix - name: clientssl context: server-side - name: ilx context: client-side policies: - my-ltm-policy-for-asm - ltm-uri-policy - ltm-policy-2 - ltm-policy-3 enabled_vlans: - /Common/vlan2 rate_limit: 400 rate_limit_mode: destination rate_limit_dst_mask: 32 provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Add FastL4 virtual server with clone_pools bigip_virtual_server: destination: 1.1.1.1 name: fastl4_vs port: 80 profiles: - fastL4 state: present clone_pools: - pool_name: FooPool context: clientside provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
- name: Add virtual with MRF router option set bigip_virtual_server: name: my-virtual-server destination: 10.10.10.10 port: 443 partition: Common profiles: - http - tcp - name: noneg-ssl context: client-side - name: http2 context: client-side - name: httprouter context: all provider: server: lb.mydomain.net user: admin password: secret delegate_to: localhost
mask: description: - Specifies the destination address network mask. This parameter works with IPv4 and IPv6 addresses. - This is an optional parameter which can be specified when creating or updating virtual server. - If C(destination) is set in CIDR notation format and C(mask) is provided, the C(mask) parameter takes precedence. - If you specify a catchall destination (for example, C(0.0.0.0) for IPv4, C(::) for IPv6) the mask parameter is set to C(any) or C(any6) respectively. - When the C(destination) is not in CIDR notation and a C(mask) is not specified, C(255.255.255.255) or C(ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) is set for IPv4 and IPv6 addresses respectively. - When C(destination) is provided in CIDR notation format and a C(mask) is not specified, the mask parameter is inferred from C(destination). - When C(destination) is provided as a virtual address name, and a C(mask) is not specified, the mask will be C(None), allowing device set it with its internal defaults. type: str name: aliases: - vs description: - Virtual server name. required: true type: str pool: description: - Default pool for the virtual server. - If you want to remove the existing pool, specify an empty value; C(""). See the documentation for an example. - When creating a new virtual server, and C(type) is C(stateless), this parameter is required. - If C(type) is C(stateless), the C(pool) must not have any members which define a C(rate_limit). type: str port: description: - Port of the virtual server. Required when C(state) is C(present) and the virtual server does not exist. - If you do not want to specify a particular port, use the value C(0). This means the virtual server listens on any port. - When C(type) is C(dhcp), this module forces the C(port) parameter to C(67). - When C(type) is C(internal), this module forces the C(port) parameter to C(0). - In addition to specifying a port number, a select number of service names may also be provided. - The string C(ftp) may be substituted for for port C(21). - The string C(http) may be substituted for for port C(80). - The string C(https) may be substituted for for port C(443). - The string C(telnet) may be substituted for for port C(23). - The string C(smtp) may be substituted for for port C(25). - The string C(snmp) may be substituted for for port C(161). - The string C(snmp-trap) may be substituted for for port C(162). - The string C(ssh) may be substituted for for port C(22). - The string C(tftp) may be substituted for for port C(69). - The string C(isakmp) may be substituted for for port C(500). - The string C(mqtt) may be substituted for for port C(1883). - The string C(mqtt-tls) may be substituted for for port C(8883). type: str snat: description: - Source network address policy. - When C(type) is C(dhcp), C(reject), or C(internal), this parameter is ignored. - The name of a SNAT pool (like "/Common/snat_pool_name") can be specified to enable SNAT with the specific pool. - To remove SNAT, specify the word C(none). - To specify automap, use the word C(automap). type: str type: choices: - standard - forwarding-l2 - forwarding-ip - performance-http - performance-l4 - stateless - reject - dhcp - internal - message-routing default: standard description: - Specifies the network service provided by this virtual server. - When creating a new virtual server, if this parameter is not provided, the default is C(standard). - This value cannot be changed after it is set. - When C(standard), specifies a virtual server that directs client traffic to a load balancing pool, and is the most basic type of virtual server. When you first create the virtual server, you assign an existing default pool to it. From then on, the virtual server automatically directs traffic to that default pool. - When C(forwarding-l2), specifies a virtual server that shares the same IP address as a node in an associated VLAN. - When C(forwarding-ip), specifies a virtual server like other virtual servers, except the virtual server has no pool members to load balance. The virtual server simply forwards the packet directly to the destination IP address specified in the client request. - When C(performance-http), specifies a virtual server with which you associate a Fast HTTP profile. Together, the virtual server and profile increase the speed at which the virtual server processes HTTP requests. - When C(performance-l4), specifies a virtual server with which you associate a Fast L4 profile. Together, the virtual server and profile increase the speed at which the virtual server processes layer 4 requests. - When C(stateless), specifies a virtual server that accepts traffic matching the virtual server address and load balances the packet to the pool members without attempting to match the packet to a pre-existing connection in the connection table. New connections are immediately removed from the connection table. This addresses the requirement for one-way UDP traffic that needs to be processed at very high throughput levels, for example, load balancing syslog traffic to a pool of syslog servers. Stateless virtual servers are not suitable for processing traffic requiring stateful tracking, such as TCP traffic. Stateless virtual servers do not support iRules, persistence, connection mirroring, rateshaping, or SNAT automap. - When C(reject), specifies the BIG-IP system rejects any traffic destined for the virtual server IP address. - When C(dhcp), specifies a virtual server that relays Dynamic Host Control Protocol (DHCP) client requests for an IP address to one or more DHCP servers, and provides DHCP server responses with an available IP address for the client. - When C(internal), specifies a virtual server that supports modification of HTTP requests and responses. Internal virtual servers enable the use of ICAP (Internet Content Adaptation Protocol) servers to modify HTTP requests and responses by creating and applying an ICAP profile and adding Request Adapt or Response Adapt profiles to the virtual server. - When C(message-routing), specifies a virtual server that uses a SIP application protocol and functions in accordance with a SIP session profile and SIP router profile. type: str state: choices: - present - absent - enabled - disabled default: present description: - The virtual server state. If C(absent), deletes the virtual server if it exists. If C(present), creates the virtual server and enables it. If C(enabled), enables the virtual server if it exists. If C(disabled), creates the virtual server if needed, and sets the state to C(disabled). - Attempting to change C(state) on a virtual server that belongs to an iAPP with strict updates enabled will result in an error message returned by device, unless C(insert_metadata) parameter is set to C(no). type: str irules: aliases: - all_rules description: - Specifies a list of rules to be applied in priority order. - If you want to remove existing iRules, specify a single empty value; C(""). See the documentation for an example. - The order in which iRules are specified does matter, so a list that contains the same list elements but in a different order in the playbook will make changes on the device. - When C(type) is C(dhcp), C(stateless), C(reject), or C(internal), this parameter is ignored. elements: str type: list mirror: description: - Specifies the system mirrors connections on each member of a redundant pair. - When creating a new virtual server, if this parameter is not specified, the default is C(disabled). type: bool source: description: - Specifies an IP address or network from which the virtual server accepts traffic. - The virtual server accepts clients only from one of these IP addresses. - For this setting to function effectively, specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). - In order to maximize the utility of this setting, specify the most specific address prefixes covering all customer addresses and no others. - Specify the IP address in Classless Inter-Domain Routing (CIDR) format; address/prefix, where the prefix length is in bits. For example, for IPv4, 10.0.0.1/32 or 10.0.0.0/24, and for IPv6, ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. type: str metadata: description: - Arbitrary key/value pairs you can attach to a virtual server. This is useful in situations where you want to annotate a virtual to be managed by Ansible. - Key names are stored as strings; this includes names that are numbers. - Values for all of the keys are stored as strings; this includes values that are numbers. - Data is persisted, not ephemeral. type: raw policies: aliases: - all_policies description: - Specifies the policies for the virtual server. - When C(type) is C(dhcp), C(reject), or C(internal), this parameter is ignored. elements: str type: list profiles: aliases: - all_profiles description: - List of profiles (HTTP, ClientSSL, ServerSSL, etc) to apply to both sides of the connection (client-side and server-side). - If you only want to apply a particular profile to the client-side of the connection, specify C(client-side) for the profile's C(context). - If you only want to apply a particular profile to the server-side of the connection, specify C(server-side) for the profile's C(context). - If C(context) is not provided, it will default to C(all). - If you want to remove a profile from the list of profiles currently active on the virtual, simply remove it from the C(profiles) list. See examples for an illustration of this. - If you want to add a profile to the list of profiles currently active on the virtual, simply add it to the C(profiles) list. See examples for an illustration of this. - B(Profiles are important). This module will fail to configure a BIG-IP if you mix up your profiles, or if you attempt to set an IP protocol which your current, or new, profiles do not support. Both this module, and BIG-IP, will report an error if this is incorrect, resembling C(lists profiles incompatible with its protocol). - If you are unsure what the correct profile combinations are, we suggest having a BIG-IP available in which you can make changes and copy what the correct combinations are. - To use C(http2) in full proxy to enable C(HTTP MRF Router) option seen in the GUI you need to assign C(/Common/httprouter) profile with C(context) set to C(all). See the bottom of examples section below. suboptions: context: choices: - all - server-side - client-side default: all description: - The side of the connection on which the profile should be applied. type: str name: description: - Name of the profile. - This must be specified if a context is specified. - If this is not specified, it is assumed the profile item is only a name of a profile. type: str type: raw provider: description: - A dict object containing connection details. suboptions: auth_provider: description: - Configures the auth provider for to obtain authentication tokens from the remote device. - This option is really used when working with BIG-IQ devices. type: str no_f5_teem: default: false description: - If C(yes), TEEM telemetry data is not sent to F5. - You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF). - Previously used variable C(F5_TEEM) is deprecated as its name was confusing. type: bool password: aliases: - pass - pwd description: - The password for the user account used to connect to the BIG-IP or the BIG-IQ. - You may omit this option by setting the environment variable C(F5_PASSWORD). required: true type: str server: description: - The BIG-IP host or the BIG-IQ host. - You may omit this option by setting the environment variable C(F5_SERVER). required: true type: str server_port: default: 443 description: - The BIG-IP server port. - You may omit this option by setting the environment variable C(F5_SERVER_PORT). type: int timeout: description: - Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. type: int transport: choices: - rest default: rest description: - Configures the transport connection to use when connecting to the remote device. type: str user: description: - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative privileges on the device. - You may omit this option by setting the environment variable C(F5_USER). required: true type: str validate_certs: default: true description: - If C(no), SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. - You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS). type: bool type: dict version_added: 1.0.0 version_added_collection: f5networks.f5_modules partition: default: Common description: - Device partition to manage resources on. type: str rate_limit: description: - Virtual server rate limit (connections-per-second). Setting this to C(0) disables the limit. - The valid value range is C(0) - C(4294967295). type: int clone_pools: description: - Specifies a pool or list of pools that the virtual server uses to replicate either client-side or server-side traffic. - Typically this option is used for intrusion detection. elements: dict suboptions: context: choices: - clientside - serverside description: - The context option for a clone pool to replicate either client-side or server-side traffic. required: true type: str pool_name: description: - The pool name to which the server replicates the traffic. - Only pools created on the Common partition or on the same partition as the virtual server can be used. - Referencing a pool on the Common partition needs to be done in the full path format, for example, C(/Common/pool_name). required: true type: str type: list description: description: - Virtual server description. type: str destination: aliases: - address - ip description: - Destination IP of the virtual server. - Required when C(state) is C(present) and the virtual server does not exist. - When C(type) is C(internal), this parameter is ignored. For all other types, it is required. - Destination can also be specified as a name for an existing Virtual Address. type: str ip_protocol: choices: - ah - any - bna - esp - etherip - gre - icmp - ipencap - ipv6 - ipv6-auth - ipv6-crypt - ipv6-icmp - isp-ip - mux - ospf - sctp - tcp - udp - udplite description: - Specifies a network protocol name you want the system to use to direct traffic on this virtual server. - When creating a new virtual server, if this parameter is not specified, the default is C(tcp). - The Protocol setting is not available when you select Performance (HTTP) as the C(Type). - The value of this argument can be specified in either its numeric value, or in a select number of named values. Refer to C(choices) for examples. - For a list of valid IP protocol numbers, refer to https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers. - When C(type) is C(dhcp), this module forces the C(ip_protocol) parameter to C(17) (UDP). type: str source_port: choices: - preserve - preserve-strict - change description: - Specifies whether the system preserves the source port of the connection. - When creating a new virtual server, if this parameter is not specified, the default is C(preserve). type: str auto_last_hop: choices: - default - enabled - disabled description: - Allows the BIG-IP system to track the source MAC address of incoming connections and return traffic from pools to the source MAC address, regardless of the routing table. type: str version_added: 1.13.0 version_added_collection: f5networks.f5_modules enabled_vlans: description: - List of VLANs to enable. When a VLAN named C(all) is used, all VLANs will be allowed. VLANs can be specified with or without the leading partition. If the partition is not specified in the VLAN, the C(partition) option of this module is used. - This parameter is mutually exclusive with the C(disabled_vlans) parameter. elements: str type: list check_profiles: default: true description: - Specifies whether the client and server SSL profiles specified by the user should be verified to be correct against the existing profiles. This is useful in cases where a large number of profiles are being added at once. - Not recommended for common use. In case of duplicate profiles, or erroneous profiles, the BIG-IP throws an error. type: bool version_added: 1.2.0 version_added_collection: f5networks.f5_modules disabled_vlans: description: - List of VLANs to be disabled. If the partition is not specified in the VLAN, the C(partition) option of this module is used. - This parameter is mutually exclusive with the C(enabled_vlans) parameters. elements: str type: list insert_metadata: default: true description: - When set to C(false), the module does not set metadata on the device. - Currently there is a limitation that non-admin users cannot set metadata on the object, despite being able to create and modify virtual server objects. Setting this option to C(false) allows such users to use this module to manage virtual server objects on the device. - Attempting to change C(state) on Virtual Server that belongs to an iAPP with strict updates enabled will result in error message returned by device, unless C(insert_metadata) parameter is set to C(false). type: bool rate_limit_mode: choices: - object - object-source - object-destination - object-source-destination - destination - source - source-destination default: object description: - Indicates whether the rate limit is applied per virtual object, per source address, per destination address, or some combination thereof. - The default value is C(object), which does not use the source or destination address as part of the key. type: str port_translation: description: - When C(enabled), specifies the system translates the port of the virtual server. - When C(disabled), specifies the system uses the port without translation. Turning off port translation for a virtual server is useful if you want to use the virtual server to load balance connections to any service. - When creating a new virtual server, the default is C(enabled). type: bool address_translation: description: - When C(enabled), specifies the system translates the address of the virtual server. - When C(disabled), specifies the system uses the address without translation. - This option is useful when the system is load balancing devices that have the same IP address. - When creating a new virtual server, the default is C(enabled). type: bool rate_limit_dst_mask: description: - Specifies a mask, in bits, to be applied to the destination address as part of the rate limiting. - The default value is C(0), which is equivalent to using the entire address - C(32) in IPv4, or C(128) in IPv6. - The valid value range is C(0) - C(4294967295). type: int rate_limit_src_mask: description: - Specifies a mask, in bits, to be applied to the source address as part of the rate limiting. - The default value is C(0), which is equivalent to using the entire address - C(32) in IPv4, or C(128) in IPv6. - The valid value range is C(0) - C(4294967295). type: int security_nat_policy: description: - Specify the Firewall NAT policies for the virtual server. - You can specify one or more NAT policies to use. - The most specific policy is used. For example, if you specify the virtual server should use the device policy and the route domain policy, the route domain policy overrides the device policy. suboptions: policy: description: - Specifies the policy to apply a NAT policy directly to the virtual server. - The virtual server NAT policy is the most specific, and overrides a route domain and device policy, if specified. - To remove the policy, specify an empty string value. type: str use_device_policy: description: - Specifies the virtual server uses the device NAT policy, as specified in the Firewall Options. - The device policy is used if no route domain or virtual server NAT setting is specified. type: bool use_route_domain_policy: description: - Specifies the virtual server uses the route domain policy, as specified in the Route Domain Security settings. - When specified, the route domain policy overrides the device policy, and is overridden by a virtual server policy. type: bool type: dict bypass_module_checks: default: false description: - Disables all built-in module verification checks that require BIG-IP device calls. Using this option cuts down on the number of REST calls made by this module. The trade off is that most parameters are sent as is, which requires extra care when defining them. - The device is the final source of truth for such configurations, usable in cases where speed is preferred over accuracy. - If set to C(true), the module ignores the value op C(check_profiles) parameter. - This parameter can be used when creating new or updating existing resources. type: bool version_added: 1.3.0 version_added_collection: f5networks.f5_modules security_log_profiles: description: - Specifies the log profile applied to the virtual server. - To make use of this feature, the AFM module must be licensed and provisioned. - The C(Log all requests) and C(Log illegal requests) are mutually exclusive and therefore, this module raises an error if the two are specified together. elements: str type: list firewall_staged_policy: description: - Applies the specified AFM policy to the virtual in an enforcing way. - A staged policy shows the results of the policy rules in the log, while not actually applying the rules to traffic. - When creating a new virtual, if this parameter is not specified, the staged policy is disabled. type: str ip_intelligence_policy: description: - Specifies the IP intelligence policy applied to the virtual server. - This parameter requires a valid BIG-IP security module is provisioned, such as ASM or AFM. type: str firewall_enforced_policy: description: - Applies the specified AFM policy to the virtual in an enforcing way. - When creating a new virtual, if this parameter is not specified, the enforced policy is disabled. type: str default_persistence_profile: description: - Default profile which manages the session persistence. - If you want to remove the existing default persistence profile, specify an empty value; C(""). See the documentation for an example. - When C(type) is C(dhcp), this parameter is ignored. type: str fallback_persistence_profile: description: - Specifies the persistence profile you want the system to use if it cannot use the specified default persistence profile. - If you want to remove the existing fallback persistence profile, specify an empty value; C(""). See the documentation for an example. - When C(type) is C(dhcp), this parameter is ignored. type: str service_down_immediate_action: choices: - none - reset - drop description: - Specifies the immediate action to take upon the receipt of the initial SYN packet if the availability status of the virtual server is Offline or Unavailable. - Supported for virtual servers with a Type of C(standard) and Protocol of C(TCP). type: str version_added: 1.16.0 version_added_collection: f5networks.f5_modules
address_translation: description: The new value specifying whether address translation is on or off. returned: changed sample: true type: bool auto_last_hop: description: Specifies the autoLasthop value of the virtual server returned: changed sample: enabled type: str clone_pools: description: Pools to which virtual server copies traffic. returned: changed sample: - context: clientside pool_name: /Common/Pool1 type: list default_persistence_profile: description: Default persistence profile set on the virtual server. returned: changed sample: /Common/dest_addr type: str description: description: New description of the virtual server. returned: changed sample: This is my description type: str destination: description: Destination of the virtual server. returned: changed sample: 1.1.1.1 type: str disabled: description: Whether the virtual server is disabled or not. returned: changed sample: true type: bool disabled_vlans: description: List of VLANs that the virtual is disabled for. returned: changed sample: - /Common/vlan1 - /Common/vlan2 type: list enabled: description: Whether the virtual server is enabled or not. returned: changed sample: false type: bool enabled_vlans: description: List of VLANs that the virtual is enabled for. returned: changed sample: - /Common/vlan5 - /Common/vlan6 type: list fallback_persistence_profile: description: Fallback persistence profile set on the virtual server. returned: changed sample: /Common/source_addr type: str firewall_enforced_policy: description: The new enforcing firewall policy. returned: changed sample: /Common/my-enforced-fw type: str firewall_staged_policy: description: The new staging firewall policy. returned: changed sample: /Common/my-staged-fw type: str ip_intelligence_policy: description: The new IP Intelligence Policy assigned to the virtual. returned: changed sample: /Common/ip-intelligence type: str ip_protocol: description: The new value of the IP protocol. returned: changed sample: 6 type: int irules: description: iRules set on the virtual server. returned: changed sample: - /Common/irule1 - /Common/irule2 type: list metadata: description: The new value of the virtual. returned: changed sample: key1: foo key2: bar type: dict mirror: description: Specifies the system mirrors connections on each member of a redundant pair. returned: changed sample: true type: bool policies: description: List of policies attached to the virtual. returned: changed sample: - /Common/policy1 - /Common/policy2 type: list pool: description: Pool the virtual server is attached to. returned: changed sample: /Common/my-pool type: str port: description: Port the virtual server is configured to listen on. returned: changed sample: 80 type: int port_translation: description: The new value specifying whether port translation is on or off. returned: changed sample: true type: bool profiles: description: List of profiles set on the virtual server. returned: changed sample: - context: server-side name: tcp - context: client-side name: tcp-legacy type: list rate_limit: description: The maximum number of connections per second allowed for a virtual server. returned: changed sample: 5000 type: int rate_limit_dst_mask: description: Specifies a mask, in bits, to be applied to the destination address as part of the rate limiting. returned: changed sample: 32 type: int rate_limit_mode: description: Sets the type of rate limiting to be used on the virtual server. returned: changed sample: object-source type: str rate_limit_src_mask: description: Specifies a mask, in bits, to be applied to the source address as part of the rate limiting. returned: changed sample: 32 type: int security_log_profiles: description: The new list of security log profiles. returned: changed sample: - /Common/profile1 - /Common/profile2 type: list service_down_immediate_action: description: Action to take upon the receipt of the initial SYN packet if server is Offline or Unavailable. returned: changed sample: drop type: str snat: description: SNAT setting of the virtual server. returned: changed sample: Automap type: str source: description: Source address set on the virtual server, in CIDR format. returned: changed sample: 1.2.3.4/32 type: str source_port: description: Specifies whether the system preserves the source port of the connection. returned: changed sample: change type: str