| Parameter | Choices/Defaults | Comments | 
                
                                                            | address_translation 
                    boolean
                                                                 added in 2.6 |  | Specifies, when enabled, that the system translates the address of the virtual server. When disabled, specifies that the system uses the address without translation. This option is useful when the system is load balancing devices that have the same IP address. When creating a new virtual server, the default is enabled. | 
                            
                                                            | clone_pools 
                    list
                                                                 added in 2.8 |  | Specifies a pool or list of pools that the virtual server uses to replicate either client-side or server-side traffic. Typically this option is used for intrusion detection. | 
                                                        
                                                |  | context 
                    string
                                                                 | Choices:
                                                                                                                                                            clientsideserverside | The context option for a clone pool to replicate either client-side or server-side traffic. | 
                            
                                                |  | pool_name 
                    string
                                             / required                     |  | The pool name to which the server replicates the traffic. Only pools created on Common partition or on the same partition as the virtual server can be used. Referencing pool on common partition needs to be done in the full path format, for example, /Common/pool_name. | 
                                            
                                                            | default_persistence_profile 
                    string
                                                                 |  | Default Profile which manages the session persistence. If you want to remove the existing default persistence profile, specify an empty value; "". See the documentation for an example. When typeisdhcp, this parameter will be ignored. | 
                            
                                                            | description 
                    string
                                                                 |  | Virtual server description. | 
                            
                                                            | destination 
                    string
                                                                 |  | Destination IP of the virtual server. Required when stateispresentand virtual server does not exist. When typeisinternal, this parameter is ignored. For all other types, it is required. Destination can also be specified as a name for an existing Virtual Address. aliases: address, ip
 | 
                            
                                                            | disabled_vlans 
                    list
                                                                 added in 2.5 |  | List of VLANs to be disabled. If the partition is not specified in the VLAN, then the partitionoption of this module will be used. This parameter is mutually exclusive with the enabled_vlansparameters. | 
                            
                                                            | enabled_vlans 
                    list
                                                                 |  | List of VLANs to be enabled. When a VLAN named allis used, all VLANs will be allowed. VLANs can be specified with or without the leading partition. If the partition is not specified in the VLAN, then thepartitionoption of this module will be used. This parameter is mutually exclusive with the disabled_vlansparameter. | 
                            
                                                            | fallback_persistence_profile 
                    string
                                                                 |  | Specifies the persistence profile you want the system to use if it cannot use the specified default persistence profile. If you want to remove the existing fallback persistence profile, specify an empty value; "". See the documentation for an example. When typeisdhcp, this parameter will be ignored. | 
                            
                                                            | firewall_enforced_policy 
                    string
                                                                 added in 2.6 |  | Applies the specify AFM policy to the virtual in an enforcing way. When creating a new virtual, if this parameter is not specified, the enforced policy is disabled. | 
                            
                                                            | firewall_staged_policy 
                    string
                                                                 added in 2.6 |  | Applies the specify AFM policy to the virtual in an enforcing way. A staged policy shows the results of the policy rules in the log, while not actually applying the rules to traffic. When creating a new virtual, if this parameter is not specified, the staged policy is disabled. | 
                            
                                                            | insert_metadata 
                    boolean
                                                                 added in 2.8 |  | When set to noit will not set metadata on the device. Currently there is a limitation that non-admin users cannot set metadata on the object, despite being able to create and modify virtual server objects, setting this option to nowill allow such users to utilize this module to manage Virtual Server objects on the device. | 
                            
                                                            | ip_intelligence_policy 
                    string
                                                                 added in 2.8 |  | Specifies the IP intelligence policy applied to the virtual server. This parameter requires that a valid BIG-IP security module such as ASM or AFM be provisioned. | 
                            
                                                            | ip_protocol 
                    string
                                                                 added in 2.6 | Choices:
                                                                                                                                                            ahanybnaespetheripgreicmpipencapipv6ipv6-authipv6-cryptipv6-icmpisp-ipmuxospfsctptcpudpudplite | Specifies a network protocol name you want the system to use to direct traffic on this virtual server. When creating a new virtual server, if this parameter is not specified, the default is tcp. The Protocol setting is not available when you select Performance (HTTP) as the Type. The value of this argument can be specified in either it's numeric value, or, for convenience, in a select number of named values. Refer to choicesfor examples. For a list of valid IP protocol numbers, refer to this page https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers When typeisdhcp, this module will force theip_protocolparameter to be17(UDP). | 
                            
                                                            | irules 
                    list
                                                                 |  | List of rules to be applied in priority order. If you want to remove existing iRules, specify a single empty value; "". See the documentation for an example. When typeisdhcp, this parameter will be ignored. When typeisstateless, this parameter will be ignored. When typeisreject, this parameter will be ignored. When typeisinternal, this parameter will be ignored. aliases: all_rules
 | 
                            
                                                            | mask 
                    string
                                                                 added in 2.8 |  | Specifies the destination address network mask. This parameter will work with IPv4 and IPv6 type of addresses. This is an optional parameter which can be specified when creating or updating virtual server. If destinationis set in CIDR notation format andmaskis provided themaskparameter takes precedence. If catchall destination is specified, i.e. 0.0.0.0for IPv4::for IPv6, mask parameter is set toanyorany6respectively. When the destinationis provided not in CIDR notation andmaskis not specified,255.255.255.255orffff:ffff:ffff:ffff:ffff:ffff:ffff:ffffis set for IPv4 and IPv6 addresses respectively. When destinationis provided in CIDR notation format andmaskis not specified the mask parameter is inferred fromdestination. When destinationis provided as Virtual Address name, andmaskis not specified, the mask will beNoneallowing device set it with its internal defaults. | 
                            
                                                            | metadata 
                    raw
                                                                 added in 2.5 |  | Arbitrary key/value pairs that you can attach to a virtual server. This is useful in situations where you might want to annotate a virtual to be managed by Ansible. Key names will be stored as strings; this includes names that are numbers. Values for all of the keys will be stored as strings; this includes values that are numbers. Data will be persisted, not ephemeral. | 
                            
                                                            | mirror 
                    boolean
                                                                 added in 2.8 |  | Specifies that the system mirrors connections on each member of a redundant pair. When creating a new virtual server, if this parameter is not specified, the default is disabled. | 
                            
                                                            | name 
                    string
                                             / required                     |  | Virtual server name. aliases: vs
 | 
                            
                                                            | partition 
                    string
                                                                 added in 2.5 | Default: 
 "Common" | Device partition to manage resources on. | 
                            
                                                            | policies 
                    list
                                                                 |  | Specifies the policies for the virtual server. When typeisdhcp, this parameter will be ignored. When typeisreject, this parameter will be ignored. When typeisinternal, this parameter will be ignored. aliases: all_policies
 | 
                            
                                                            | pool 
                    string
                                                                 |  | Default pool for the virtual server. If you want to remove the existing pool, specify an empty value; "". See the documentation for an example. When creating a new virtual server, and typeisstateless, this parameter is required. If typeisstateless, thepoolthat is used must not have any members which define arate_limit. | 
                            
                                                            | port 
                    string
                                                                 |  | Port of the virtual server. Required when stateispresentand virtual server does not exist. If you do not want to specify a particular port, use the value 0. The result is that the virtual server will listen on any port. When typeisdhcp, this module will force theportparameter to be67. When typeisinternal, this module will force theportparameter to be0. In addition to specifying a port number, a select number of service names may also be provided. The string ftpmay be substituted for for port21. The string httpmay be substituted for for port80. The string httpsmay be substituted for for port443. The string telnetmay be substituted for for port23. The string smtpmay be substituted for for port25. The string snmpmay be substituted for for port161. The string snmp-trapmay be substituted for for port162. The string sshmay be substituted for for port22. The string tftpmay be substituted for for port69. The string isakmpmay be substituted for for port500. The string mqttmay be substituted for for port1883. The string mqtt-tlsmay be substituted for for port8883. | 
                            
                                                            | port_translation 
                    boolean
                                                                 added in 2.6 |  | Specifies, when enabled, that the system translates the port of the virtual server. When disabled, specifies that the system uses the port without translation. Turning off port translation for a virtual server is useful if you want to use the virtual server to load balance connections to any service. When creating a new virtual server, the default is enabled. | 
                            
                                                            | profiles 
                    list
                                                                 |  | List of profiles (HTTP, ClientSSL, ServerSSL, etc) to apply to both sides of the connection (client-side and server-side). If you only want to apply a particular profile to the client-side of the connection, specify client-sidefor the profile'scontext. If you only want to apply a particular profile to the server-side of the connection, specify server-sidefor the profile'scontext. If contextis not provided, it will default toall. If you want to remove a profile from the list of profiles currently active on the virtual, then simply remove it from the profileslist. See examples for an illustration of this. If you want to add a profile to the list of profiles currently active on the virtual, then simply add it to the profileslist. See examples for an illustration of this. Profiles matter. This module will fail to configure a BIG-IP if you mix up your profiles, or, if you attempt to set an IP protocol which your current, or new, profiles do not support. Both this module, and BIG-IP, will tell you when you are wrong, with an error resembling lists profiles incompatible with its protocol. If you are unsure what correct profile combinations are, then have a BIG-IP available to you in which you can make changes and copy what the correct combinations are. aliases: all_profiles
 | 
                                                        
                                                |  | context 
                    string
                                                                 | Choices:
                                                                                                                                                            all ←server-sideclient-side | The side of the connection on which the profile should be applied. | 
                            
                                                |  | name 
                    string
                                                                 |  | Name of the profile. If this is not specified, then it is assumed that the profile item is only a name of a profile. This must be specified if a context is specified. | 
                                            
                                                            | provider 
                    dictionary
                                                                 added in 2.5 |  | A dict object containing connection details. | 
                                                        
                                                |  | auth_provider 
                    string
                                                                 |  | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | 
                            
                                                |  | password 
                    string
                                             / required                     |  | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
 | 
                            
                                                |  | server 
                    string
                                             / required                     |  | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | 
                            
                                                |  | server_port 
                    integer
                                                                 | Default: 
 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | 
                            
                                                |  | ssh_keyfile 
                    path
                                                                 |  | Specifies the SSH keyfile to use to authenticate the connection to the remote device.  This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE. | 
                            
                                                |  | timeout 
                    integer
                                                                 |  | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | 
                            
                                                |  | transport 
                    string
                                                                 |  | Configures the transport connection to use when connecting to the remote device. | 
                            
                                                |  | user 
                    string
                                             / required                     |  | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | 
                            
                                                |  | validate_certs 
                    boolean
                                                                 |  | If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | 
                                            
                                                            | rate_limit 
                    integer
                                                                 added in 2.8 |  | Virtual server rate limit (connections-per-second). Setting this to 0 disables the limit. The valid value range is 0-4294967295. | 
                            
                                                            | rate_limit_dst_mask 
                    integer
                                                                 added in 2.8 |  | Specifies a mask, in bits, to be applied to the destination address as part of the rate limiting. The default value is 0, which is equivalent to using the entire address -32in IPv4, or128in IPv6. The valid value range is 0-4294967295. | 
                            
                                                            | rate_limit_mode 
                    string
                                                                 added in 2.8 | Choices:
                                                                                                                                                            object ←object-sourceobject-destinationobject-source-destinationdestinationsourcesource-destination | Indicates whether the rate limit is applied per virtual object, per source address, per destination address, or some combination thereof. The default value is 'object', which does not use the source or destination address as part of the key. | 
                            
                                                            | rate_limit_src_mask 
                    integer
                                                                 added in 2.8 |  | Specifies a mask, in bits, to be applied to the source address as part of the rate limiting. The default value is 0, which is equivalent to using the entire address -32in IPv4, or128in IPv6. The valid value range is 0-4294967295. | 
                            
                                                            | security_log_profiles 
                    list
                                                                 added in 2.6 |  | Specifies the log profile applied to the virtual server. To make use of this feature, the AFM module must be licensed and provisioned. The Log all requestsandLog illegal requestsare mutually exclusive and therefore, this module will raise an error if the two are specified together. | 
                            
                                                            | security_nat_policy 
                    dictionary
                                                                 added in 2.7 |  | Specify the Firewall NAT policies for the virtual server. You can specify one or more NAT policies to use. The most specific policy is used. For example, if you specify that the virtual server use the device policy and the route domain policy, the route domain policy overrides the device policy. | 
                                                        
                                                |  | policy 
                    string
                                                                 |  | Policy to apply a NAT policy directly to the virtual server. The virtual server NAT policy is the most specific, and overrides a route domain and device policy, if specified. To remove the policy, specify an empty string value. | 
                            
                                                |  | use_device_policy 
                    boolean
                                                                 |  | Specify that the virtual server uses the device NAT policy, as specified in the Firewall Options. The device policy is used if no route domain or virtual server NAT setting is specified. | 
                            
                                                |  | use_route_domain_policy 
                    boolean
                                                                 |  | Specify that the virtual server uses the route domain policy, as specified in the Route Domain Security settings. When specified, the route domain policy overrides the device policy, and is overridden by a virtual server policy. | 
                                            
                                                            | snat 
                    string
                                                                 |  | Source network address policy. When typeisdhcp, this parameter is ignored. When typeisreject, this parameter will be ignored. When typeisinternal, this parameter will be ignored. The name of a SNAT pool (eg "/Common/snat_pool_name") can be specified to enable SNAT with the specific pool. To remove SNAT, specify the word none. To specify automap, use the word automap. | 
                            
                                                            | source 
                    string
                                                                 added in 2.5 |  | Specifies an IP address or network from which the virtual server accepts traffic. The virtual server accepts clients only from one of these IP addresses. For this setting to function effectively, specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). In order to maximize utility of this setting, specify the most specific address prefixes covering all customer addresses and no others. Specify the IP address in Classless Inter-Domain Routing (CIDR) format; address/prefix, where the prefix length is in bits. For example, for IPv4, 10.0.0.1/32 or 10.0.0.0/24, and for IPv6, ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. | 
                            
                                                            | source_port 
                    string
                                                                 added in 2.8 | Choices:
                                                                                                                                                            preservepreserve-strictchange | Specifies whether the system preserves the source port of the connection. When creating a new virtual server, if this parameter is not specified, the default is preserve. | 
                            
                                                            | state 
                    string
                                                                 | Choices:
                                                                                                                                                            present ←absentenableddisabled | The virtual server state. If absent, delete the virtual server if it exists.presentcreates the virtual server and enable it. Ifenabled, enable the virtual server if it exists. Ifdisabled, create the virtual server if needed, and set state todisabled. | 
                            
                                                            | type 
                    string
                                                                 added in 2.6 | Choices:
                                                                                                                                                            standard ←forwarding-l2forwarding-ipperformance-httpperformance-l4statelessrejectdhcpinternalmessage-routing | Specifies the network service provided by this virtual server. When creating a new virtual server, if this parameter is not provided, the default will be standard. This value cannot be changed after it is set. When standard, specifies a virtual server that directs client traffic to a load balancing pool and is the most basic type of virtual server. When you first create the virtual server, you assign an existing default pool to it. From then on, the virtual server automatically directs traffic to that default pool. When forwarding-l2, specifies a virtual server that shares the same IP address as a node in an associated VLAN. When forwarding-ip, specifies a virtual server like other virtual servers, except that the virtual server has no pool members to load balance. The virtual server simply forwards the packet directly to the destination IP address specified in the client request. When performance-http, specifies a virtual server with which you associate a Fast HTTP profile. Together, the virtual server and profile increase the speed at which the virtual server processes HTTP requests. When performance-l4, specifies a virtual server with which you associate a Fast L4 profile. Together, the virtual server and profile increase the speed at which the virtual server processes layer 4 requests. When stateless, specifies a virtual server that accepts traffic matching the virtual server address and load balances the packet to the pool members without attempting to match the packet to a pre-existing connection in the connection table. New connections are immediately removed from the connection table. This addresses the requirement for one-way UDP traffic that needs to be processed at very high throughput levels, for example, load balancing syslog traffic to a pool of syslog servers. Stateless virtual servers are not suitable for processing traffic that requires stateful tracking, such as TCP traffic. Stateless virtual servers do not support iRules, persistence, connection mirroring, rateshaping, or SNAT automap. When reject, specifies that the BIG-IP system rejects any traffic destined for the virtual server IP address. When dhcp, specifies a virtual server that relays Dynamic Host Control Protocol (DHCP) client requests for an IP address to one or more DHCP servers, and provides DHCP server responses with an available IP address for the client. When internal, specifies a virtual server that supports modification of HTTP requests and responses. Internal virtual servers enable usage of ICAP (Internet Content Adaptation Protocol) servers to modify HTTP requests and responses by creating and applying an ICAP profile and adding Request Adapt or Response Adapt profiles to the virtual server. When message-routing, specifies a virtual server that uses a SIP application protocol and functions in accordance with a SIP session profile and SIP router profile. |