About F5 LTM some question
Hello all, My structure is as follows: all gateways are on the Core SW. F5 LTM has SNAT. Clients must log in to the F5 web server with an AD account and password for load balancing. Why do I always get a validation error on F5's Self_IP when I log in with an AD account and password? Is the path "Client -> F5 LTM -> Web Server -> AD"? Do I need to do any additional setup for F5? Any help is appreciated.

APM: Basic SSO is failing now and then
I have a strange issue and opened a case after a lot of debugging, but I also want to ask you. I hope I am not the first and only one with this problem. I have a virtual server with an APM profile and a basic SSO profile attached. Login and SSO work most of the time without problems. But now and then the basic auth SSO is failing. I investigated this issue by writing an iRule to log the username/password combination at various stages: session.logon.last.password, session.sso.token.last.password and the password extracted from the basic auth header that was inserted by websso. On functional requests all three username/password combinations are identical. On a request with failing SSO the session.logon.last.password and session.sso.token.last.password are identical, but the password extracted from the basic auth header is different. Has anyone stumbled across a similar problem? I have not found anything related here, in the F5 KB or in the BugTracker.

i4600 platform "Performance Layer 4" latency
What is the expected latency on i4600 with the "Performance Layer 4" VS type? H/W PVA acceleration is not available on the i4600 platform, but a 100-120 microsecond delay is too much. I see no difference between "Standard" TCP and "Performance Layer 4".

Slowdown of login attempts on APM SSLVPN
Hello experts, I have a question about slowing down failed logins from automated sources.
Version: 16.1.4.1.0.50
Using APM for SSLVPN and LTM
Problem: We have lots of attempts to "door knock" the VPN by trying random usernames - "admin", "chris", etc. So far we have blocked by country, but as it is only a blacklist we need to constantly update it, and it's not a sustainable or clever solution. I know there are options for login slowdown on other WAF solutions and would like to see what the options are on F5. By that I mean if a source IP address tries, say, 3 times to log in and fails every time, then they have to wait 30 seconds; then if they try another 3 times they have to wait twice as long, 60 seconds. In this way we can slow down the login attempts, as they mostly come repeatedly from the same IP addresses. At the moment we don't use ASM/AWAF, although I think it is an option according to the licence information: Best Bundle, VE-200M(Perpetual) ... ASM, VE ...
Is there an APM feature to achieve this? That would obviously be the easiest. If ASM is needed, what is the simplest ASM option? Many thanks, Peter

F5 CIS Deployment in OpenShift, CRD Mode
Hi everyone, Looking at the F5 documentation, I understand that deploying the F5 BigIP Ctrl in CRD Mode is incompatible with Kubernetes Ingress objects. What would be the deployment model in which we have the flexibility to use CRDs but also use standard Kubernetes Ingress or OpenShift Routes objects via F5? Regards, Rares

About F5 ASM slow_transaction_timeout
Hello experts, I've recently been looking into ASM. https://my.f5.com/manage/s/article/K14199 I have a question about "slow_transaction_timeout". Does slow_transaction_timeout mean a request to "LTM" that ends after 10 seconds? Or does it mean to the backend server? Any help is appreciated.

Latency between F5 and WAF
Hi, a Fortigate WAF was inserted into our network infrastructure before the F5 balancer. Now, the problem is this: we have two F5s in active/standby. When load balancer 1 is the active one, calls via the WAF have excessive latency; when load balancer 2 is active, however, communication is normal. The two balancers are perfectly equal. Does anyone have any suggestions on what to investigate to resolve the issue? Thanks, regards

Management Route and Pool members
Hi - I have a VIP that is the front of Network Management Software (NMS), meaning the pool members are NMS servers. That part works fine, and the pool members are UP, but I also need to run an scp command to copy a UCS file to the NMS server, and that does not work. The F5 uses its self IP to scp to NMS, which is not allowed, but the management IP is allowed to ssh to NMS. So if I put a management-route in, the pool starts FAILING health checks, and if I remove the management route, scp does not work. What would be the best way, other than allowing the self IP to ssh/scp to NMS? Thanks