
Forum Discussion

fubarSUSHI
Jul 21, 2014

ACE configuration to 11.4.1

I'm hoping someone can help me understand what the configuration means and how to configure it via tmsh.

 probe http test
  description test
  port 80
  interval 30
  passdetect interval 60
  receive 15
  request method get url /validation/default.aspx
  expect status 200 403
  hash B8477B9B88E90F12E3200660A70EB765
  header Host header-value "idk.howtoconfigurethis.net"
  open 15

So far I have this tmsh setup:

create ltm monitor http test defaults-from /Common/http description test destination *.80 interval 30 timeout 60 send /validation/default.aspx recv 200

Q1: What is the tmsh equivalent for "open 15"?

Q2: How do I configure the "expect status 200 403" via tmsh? I don't understand the 2nd variable of 403.

Q3: 'header Host header-value "idk.howtoconfigurethis.net"' I have no clue what to do with this?

Q4: What is "receive 15"? How do I configure that in tmsh?

Q5: Hash? Is there a way to create a monitor using hash?

Q6: The send string... how do I change it to look at HTTP1.1 traffic?

2 Replies

  • Have you taken a look at the following conversion link?

     

    https://devcentral.f5.com/wiki/AdvDesignConfig.Cisco.ashx

     

    -=Bhattman=-

     

  • I'm new to BigIP, but I'll be in your boat very soon.

    First, you need to know what your current Probe is doing.

    Official Cisco-ese can be a bit dry. So, in short, you have:

     probe http test   - command type name
     description test 
     port 80           - static port [real-server / member port is ignored]
     interval 30       - seconds between tests
     passdetect interval 60  - seconds between tests for a failed server
     receive 15        - seconds to wait for data/reply
     request method get url /validation/default.aspx  - retrieve file
     expect status 200 403  - pass if reply status is between 200 and 403, inclusive
     hash B8477B9B88E90F12E3200660A70EB765  - verifies the page content hash hasn't changed
     header Host header-value "idk.howtoconfigurethis.net"  - HTTP header sent to server
     open 15  - seconds to wait for initial SYN-ACK  [must be smaller than interval]
    

    I believe the following TMSH should get you close; only missing the hash check.

     create ltm monitor http test {
       defaults-from http
       description test
       destination *:80
       up-interval 30
       interval 60
       timeout 91
       recv "HTTP/1\.(0|1) (2..|403)"
       send "GET /validation/default.aspx HTTP/1.1\r\nHost: idk.howtoconfigurethis.net\r\nConnection: Close\r\n\r\n" }
    

    Should just need to remove the returns and enter it as one line in TMSH.
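
An added example, not part of the original thread or F5's own tooling: it compares the ACE rule as the reply describes it (pass for any status from 200 to 403 inclusive) with the recv pattern in the reply, listing the status codes where the two disagree. It assumes the monitor applies recv as a regular-expression search over the response, approximated here with Python's `re`; the function names, the `RECV_RANGE` pattern and the sample responses are constructed for illustration.

```python
import re

# recv pattern exactly as posted in the reply above.
RECV_REPLY = r"HTTP/1\.(0|1) (2..|403)"
# Hypothetical alternative pattern that accepts every status code 200-403.
RECV_RANGE = r"HTTP/1\.(0|1) (2[0-9][0-9]|3[0-9][0-9]|40[0-3])"


def ace_expect(status, low=200, high=403):
    """ACE 'expect status 200 403' as described in the reply: inclusive range."""
    return low <= status <= high


def build_response(status):
    """Constructed sample HTTP response; only the status line matters here."""
    return (f"HTTP/1.1 {status} X\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n")


def recv_matches(pattern, response):
    """Assumption: the monitor passes when the pattern is found in the response."""
    return re.search(pattern, response) is not None


def disagreements(pattern, statuses=range(100, 600)):
    """Status codes where the ACE range and the recv pattern give different results."""
    return [s for s in statuses
            if ace_expect(s) != recv_matches(pattern, build_response(s))]


if __name__ == "__main__":
    for name, pattern in (("reply", RECV_REPLY), ("range", RECV_RANGE)):
        diff = disagreements(pattern)
        if diff:
            print(f"{name}: {len(diff)} codes differ, {diff[0]}-{diff[-1]}")
        else:
            print(f"{name}: same pass/fail as the ACE range for 100-599")
```

With the reply's pattern, a member answering with a redirect (3xx) or 400-402 would pass the ACE probe but be marked down by the monitor, so check which behaviour the application owner actually expects before migrating.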