Featured Group Content
This section shows featured content the Group Owner has highlighted.Group Content
F5 Roles required for Catalog Items
Having difficulty mapping required roles for a group to have proper access to catalog items. If I create a group call Security-Team and I want them to manage the security like WAF (Web App * API Protection) and Bot Defense, Web App Scanning and whatever else the Security Team should be monitoring to keep our environment safe. What Roles are required for management? They don't need access to everything, just what is required for the application security. Then we have a group called Support-Teams that need ReadOnly access to everything so they can log into F5 XC and just view everything with no ability to make changes. Not sure what Roles would get assigned to this group. Both scenarios let's assume all namespaces. Any help or direction is most appreciated.
F5 configured SP initiated SAML Authentication causing multiple Redirects
F5 configured (source-ip based) to talk to 2 IBM HTTP Servers and webservers are loadbalancing using Traditional loadbalancing (Round-Robin) and routing requests to 8 JVMs of a Websphere ND Cluster. 2 Applications are deployed with context root /maximo and /saml/acs on the same cluster. When SAML Authentication is triggered via F5. We have 2 scenarios to take care F5 :- HTTPSOFFLOAD is enabled with end to end validation using HTTPS only 1. https://abc.com/maximo URL loads successfully. No issues in Authentication to SAML. When loaded follows below path 1) Incognito Browser(User) requests resource from Service Provider (SP). 2) SP Redirects (with SAML Request) to Identity Provider (microsoft-entra). 3) Since it is first login, User gives the (IdP) his/her valid credentials. 4) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page. 5) User receives the landing page. THIS IS WORKING 2. https://abc.com/maximo/ui/?event=loadapp&value=asset&changetab=viewtab&uniquid=123455 1) Incognito Browser(User) requests resource from Service Provider (SP). 2) SP Redirects (with SAML Request) to Identity Provider (microsoft-entra). 3) Since it is first login, User gives the (IdP) his/her valid credentials. 4) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page. 5) Cannot find the resource and SP Redirects (with SAML Request) to Identity Provider (microsoft-entra). 6) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page. 7) Cannot find the resource and SP Redirects (with SAML Request) to Identity Provider (microsoft-entra). Keeps redirecting multiple times and Finally timeout is hit and doesnot respond at all. It keeps redirecting when long URL is challenged. Do we need to have special irules to retain JSESSIONID state or WAS - I see this is an issue with respect to Cookie persistence
Can I use XC as a TCP proxy and DDoS Protection?
Hello, experts! I’m a longtime BIG-IP user but a complete newbie to XC. I have a task and would love some guidance on the best way to approach it. The goal is to use XC as a TCP proxy and for DDoS protection. The scenario: A client has a distributed network of ATMs that connect to a server. XC should sit in front of the server as a TCP proxy. The requests come in via IP. A few questions: Which XC product should I use for this? TCP Load Balancer requires requests to come via a domain name, correct? Would I need a dedicated IP from XC in this case? Can DDoS protection be applied in this setup? Am I thinking about this correctly? Any insights or recommendations would be greatly appreciated!
Graceful Disconnect Query
We’re using Distributed Cloud and have this setup to load balancing between 2 Origin Pools where each origin pool contains servers at each of our 2 Datacenters. in the scenario where we have: active users with persistent session at each site requirement where we need to mark one site to not accept any new connections To allow existing users a grace period of x minutes before we force disconnect Requirement to perform patching on the servers at this particular site while users connect at the opposite site how is this achieved in Distributed Cloud. Is there an option anywhere to gracefully disconnect and set a maximum time to wait before any remaining active sessions are disconnected?
failed to find TLS certificate objects, no entry finder provided
I'm trying to setup TLS @ the Cluster Level on the backend connection to the Origin Endpoint. The front end between the client and the HTTP load balancer works fine, but when i attempt to configure TLS @ the cluster level for a route, i get this error: failed to find TLS certificate objects, no entry finder provided when saving changes to the cluster in the gui. I'm quite certain i have the proper CA cert uploaded..and i've tried adding the trust chain into the same cert--both with or without the intermediate chain in the CA cert, i get the same error. Does anyone have any thoughts on what might be wrong here?
New feature required in XC ?
Hi, I have a suggestion regarding the F5 distributed cloud. Currently there is no feature available that can confirm that the configurations are successful, the only option we can see is the difference in configurations between old and new configurations. there should be an option which should able to confirm that whether the configuration is deployed or not. there is response option but it only shows {}. is there any such option available ?
About Distributed Cloud Users
Discuss the integration of security, networking, and application delivery services
Open Group