Featured Group Content
This section shows featured content the Group Owner has highlighted.
Group Content
High Availability and Load Balancing for Single-Node CE with multiple ISP uplinks
I'm designing a deployment for an F5 Distributed Cloud (XC) Customer Edge (CE) on-premise and would like some guidance on the best practices for link redundancy.

Scenario:
Deployment: Single-node Customer Edge (CE).
Connectivity: Three distinct ISP providers for internet access.
Objective: Achieve High Availability (HA) and traffic balancing for the connectivity between the CE and the Regional Edges (RE).
Traffic Flow: I will have a public Virtual Server on the RE, with Origin Pools located on-premise behind this CE.

Goals: I want to ensure the best possible user experience and minimal latency/downtime if one of the ISP links fails. I’m looking for the best way to configure the CE to utilize all ISP links for its connection to the F5 XC Fabric. Handle failover automatically so that the RE-to-CE communication remains stable. Ensure the "shortest path" or best performing link is prioritized if possible.

Is there any specific configuration in the XC that I should focus on for this dual-homed setup? Thanks in advance.
64 Views, 0 likes, 3 Comments

HTTP portal with the NTLM auth flow is broken on XC.
We are trying to protect an OWA365 portal with XC, but some requests with NTLM authentication show an Error 503 - Service Unavailable message in XC. I think that it is the NTLM auth process, because when I try the same HTTP GET with "Authorization: Basic" it works fine.

curl -v https://autodiscover.example.com/autodiscover/autodiscover.xml -H "Authorization: Basic ZG9tYWluXHVzZXI6UHJ1ZWJhc2RlcGFzc3dvcmQ="
< HTTP/2 200
< cache-control: private
< content-type: text/xml; charset=utf-8
< request-id: 00000000-0000-0000-0000-000000000000
< server: volt-adc
<
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="20:00:00.0000000" Id="000000000">

But the browser always fails. First, it responds with a 401 HTTP code. After sending the credentials, XC shows a 503-03 error: 'Service unavailable'.

method: GET
host: autodiscover.example.com
req_path: /autodiscover/autodiscover.xml
req_body: —
api_endpoint: UNKNOWN
scheme: https
rsp_code: 503
rsp_code_details: upstream_reset_before_response_started{remote_reset}

Does F5-XC have an OWA template or something about the NTLM user portal?
Solved. 63 Views, 0 likes, 3 Comments

F5 Roles required for Catalog Items
Having difficulty mapping required roles for a group to have proper access to catalog items. If I create a group called Security-Team and I want them to manage the security like WAF (Web App & API Protection) and Bot Defense, Web App Scanning and whatever else the Security Team should be monitoring to keep our environment safe. What Roles are required for management? They don't need access to everything, just what is required for the application security.

Then we have a group called Support-Teams that need ReadOnly access to everything so they can log into F5 XC and just view everything with no ability to make changes. Not sure what Roles would get assigned to this group.

For both scenarios, let's assume all namespaces. Any help or direction is most appreciated.
149 Views, 0 likes, 1 Comment

F5 configured SP initiated SAML Authentication causing multiple Redirects
F5 configured (source-ip based) to talk to 2 IBM HTTP Servers and webservers are load balancing using Traditional load balancing (Round-Robin) and routing requests to 8 JVMs of a WebSphere ND Cluster. 2 Applications are deployed with context root /maximo and /saml/acs on the same cluster. When SAML Authentication is triggered via F5, we have 2 scenarios to take care of. F5: HTTPSOFFLOAD is enabled with end to end validation using HTTPS only.

1. https://abc.com/maximo
URL loads successfully. No issues in Authentication to SAML. When loaded, it follows the path below:
1) Incognito Browser (User) requests resource from Service Provider (SP).
2) SP redirects (with SAML Request) to Identity Provider (microsoft-entra).
3) Since it is first login, User gives the IdP his/her valid credentials.
4) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page.
5) User receives the landing page.
THIS IS WORKING

2. https://abc.com/maximo/ui/?event=loadapp&value=asset&changetab=viewtab&uniquid=123455
1) Incognito Browser (User) requests resource from Service Provider (SP).
2) SP redirects (with SAML Request) to Identity Provider (microsoft-entra).
3) Since it is first login, User gives the IdP his/her valid credentials.
4) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page.
5) Cannot find the resource and SP redirects (with SAML Request) to Identity Provider (microsoft-entra).
6) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page.
7) Cannot find the resource and SP redirects (with SAML Request) to Identity Provider (microsoft-entra).
Keeps redirecting multiple times and finally the timeout is hit and it does not respond at all.

It keeps redirecting when long URL is challenged. Do we need to have special iRules to retain JSESSIONID state or WAS - I see this is an issue with respect to Cookie persistence
397 Views, 0 likes, 13 Comments

Can I use XC as a TCP proxy and DDoS Protection?
Hello, experts! I’m a longtime BIG-IP user but a complete newbie to XC. I have a task and would love some guidance on the best way to approach it. The goal is to use XC as a TCP proxy and for DDoS protection.

The scenario: A client has a distributed network of ATMs that connect to a server. XC should sit in front of the server as a TCP proxy. The requests come in via IP.

A few questions:
- Which XC product should I use for this?
- TCP Load Balancer requires requests to come via a domain name, correct?
- Would I need a dedicated IP from XC in this case?
- Can DDoS protection be applied in this setup?

Am I thinking about this correctly? Any insights or recommendations would be greatly appreciated!
289 Views, 0 likes, 3 Comments

Graceful Disconnect Query
We’re using Distributed Cloud and have this setup to load balance between 2 Origin Pools, where each origin pool contains servers at each of our 2 Datacenters.

In the scenario where we have:
- active users with persistent sessions at each site
- a requirement where we need to mark one site to not accept any new connections
- to allow existing users a grace period of x minutes before we force disconnect
- a requirement to perform patching on the servers at this particular site while users connect at the opposite site

How is this achieved in Distributed Cloud? Is there an option anywhere to gracefully disconnect and set a maximum time to wait before any remaining active sessions are disconnected?
86 Views, 0 likes, 0 Comments
Most Recent Updates
XC Users Forum
Open conversations with staff and peers about F5 Distributed Cloud Services.
Jan 27, 2026, 39 Posts
XC Users Articles
Authoritative information from F5 Distributed Cloud Services subject matter experts for you, the community.
Jul 11, 2022, 12 Posts
About Distributed Cloud Users
Discuss the integration of security, networking, and application delivery services
Owned by: Rebecca_Moloney, DinaS, mlangdon, and LiefZimmerman
Created: 3 years ago
Open Group