I am working on a F5 LTM migration, where a pair of LTM running 14.1.x will be migrated to 2 VMs. All configs can be migrated via UCS loading, but there are LACP configured for their network interfaces. KB K85674611 already outlined the issue for LAC...
Hi All,I am pretty much new in F5 LTM. Currently I am working in a project where client wants to deploy F5 as a reverse proxy. It is band new F5 and has to configure anything till yet. Client has two application servers which are hosted inside their ...
Hi guys, I need help writing a dedicated script to do those things:# tmsh save /sys config file bigip.conf no-passphrase# netstat -nr > netroute.txtBoth of the files need to be sent to another server directory combining the device name + current date...
WAF send multiple logs combaimed togater to siem tool as unknown, how to solve this issue ? is there way to send the logs with clear name?
I have virtual server with port 443 and client certificate with pool of port 8080.so the Connection from client to WAF is 443 with certificate (HTTPS) and from WAF to server is 8080 with no certificate (HTTP). if I access the portal via WAF, the we...
Hello All I need you asssitance here. we launch a new service over our Bigip I7800 for Metro Customers Each customer has its own vlan , and VAS(NAT, DNS and more)the issue here that i am looking is to limit the customer bandwidth per vlan.i have tr...
Current we are using dns server integrated with AD, and all client ,server, device...point to these dns to resolve internal and resolve public domain. But dns hange some time when have server problem send more dns as ddos to DNS server and hang. If W...
Hello Guys!We have an internet facing LTM with public IPs. Currently, this LTM's default route points to a VRRP address (we have 2 routers for redundancy).On the same public VLAN, we have multiple virtual-servers.We are scheduling a maintenance windo...
I have a standard SSL virtual with a client and a serverssl profile. I need to create an iRule that does some content switching based on HTTP::uri. My virtual has a clientssl profile with an SSL certificate for www.foo.com that is sending SNI hostnam...
my requiremnet is if URI is something like /business/car/truck it shoud look for the "business " and change it as /company/car/truck..$Path_proxy= companywhen HTTP_REQUEST {set http_hostname [getfield [HTTP::host] : 1]set name [class match -value -- ...
Hello all, I would like to ask people who knows if possle to have ASM error pages such as Captcha, access denied, etc., to have them customized and translated and show appropriate language by GeoIP or browser defined language settings?I currently hav...
We have requirement where we have to be in middle to present the public certificate, so it will be like USER -- PUBLIC IP (fake.fqdn.com) which will be Natted to F5 VIP Address and On this F5 VIP we will be wanted to configure Pool members which is h...
Hi,im trying to connect to a site which has F5 security enabled.F5 says after system scan that i have failed Antivirus check, ( tried Avast, Avira )i am using Win 11 and Edge in IE mode.please help.Regards
Hi,We are working to implement a new VPN stream that ends on F5.Our goal is to terminate the SSL VPN on F5 but filter the traffic on the firewall, we don't want to do ACLs on F5.We need to set up a full tunnel.Our infrastructure is illustrated in a s...
I am trying to use F5 Distributed Cloud HTTP load balancer to select specific origin pool based on url hostname. Can you suggest how can I do it.On BIGIP-LIM we use irule and data group to accomplish that as we use multiple url behind same VIP.
Hello,I'm seeking advice on using an Irule to drop a connection when a certain condition is met in the URI. fid= followed by non numeric charectors. fid=1234 would pass. fid=13d4 would drop. Thanks!
Suggestion: Add the version number to be installed in the popupSuggestion Pro: Add the installed version number in the popup
All examples I have seen with iRules using 'connect' to generate a sideband connection use HTTP/1.0 or HTTP/1.1I am wondering if anyone has examples of, or knows how iRule sideband connections can be made using HTTP/2?I expect this to cause problems ...
Is there a way to insert basic auth header to the backend server?clinet http request dont have the basic auth header and would like to build an irule so when the request is received, the proxy inserts the basic auth header with the proper credentials...
We are using NGINX as a proxy server+load balancer for other servers on the same network that use Apache.For security, we want to apply a rate limiting per IP, so that if there are more than 100 requests in a second, or even more than 100 requests fo...
Hey guys,cause of an active-active DSC setup I don't want to work with routes. (Two gateways for the same subnet) I thought I could manage it with the "Auto Last Hop" feature which is enabled. Unfortunately the health check traffic is passing the man...
Good afternoon experts,We have someone who has a Win10 laptop, updated last week, new EDGE client installed, but the icon in the right lower corner is grey, even when the client is connected to the APMAny ideas what is causing this issue? Not causing...
Hello.I create this discussion because of the following problem I'm encountering.Here is the situation :I have multiple servers which are in a secure network zoneI have another server where nginx is installedThe NGINX server has access to a remote de...
i have an issue where this attack signature is blocking logins to my application with any emai address starting with parent.xxxxx@gmail.com or any other domain. I have tried the below suggestion to disable this specific attack signature however issue...
Hello,I've managed to run two F5 in different "Availability Zone" (in same VPC) from scratch and they can sync configuration objects that i created. CFE configuration took some time to figured out but eventually its is working right now. I have a cou...
Hello,I've needed an iRule to read query & query-type from dns packets and send them to remote syslog server. I found a couple of posts on devcentral but looks like they work if you have DNS / GTM license. So, i wrote one for my own needs.May be ther...
Hello,The "Oauth scope" agent expects to find and validate the bearer token in the request header variable called "Authorization", which is according to standard. My question is, is it possible to "instruct" the Oauth scope agent to read the bearer t...
Hello I'm Hakeem. I have a question, so I write a post.Thanks for reading.Looking at the K6430267 document,By default, log files are saved between 3 and 4 am.Why? I wonder what the reason is.https://support.f5.com/csp/article/K64302672---------------...
Preface: Yes I know not a whole lot but I'm trying. If someone could just take a look at this and maybe it will help me find what piece I am missing.We have an internal server that needs to be accessed on the outside, but they don't want it actually ...
We are using APM for OTP authentication , The problem is that there are a number of users who on purpose make the first registration using the username and password, then after the OTP-code arrives, they open another tab in the browser and request a ...
