Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

Forum Posts

Resolved! F5 Rules for AWS WAF - CVE-2021-22118 & CVE-2016-1000027

Hello,We're checking in the AWS marketplace for the F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE) Rules and want to check if the following CVEs are covered by this rule set?CVE-2021-22118: Local Privilege Escalation within Spring ...

chanzk by Altostratus
  • 11 replies
  • 0 kudos

Bandwidth controller on APM PPP interface

We would like to limit the bandwidth utilization for a specific traffic stream from APM Big IP Edge client VPN users connected to the F5 Big IP APM. This traffic is tunneled on the PPP interface and I am wondering if we can someway apply a bandwidth ...

Marvin by Cirrocumulus
  • 1 replies
  • 0 kudos

APM logon to multiple directories in same flow

Hi All,I am new to APM and have been tasked to migrate our company away from Novell EDIR.     We have both EDIR and AD and our current APM auth scheme calls EDIR in per session and checks group membership in per request.   Most of my users could get ...

ktm_2000 by Nimbostratus
  • 3 replies
  • 0 kudos

RestApi Backup current certificate and Import new one

Hi I want to make some RestApi Script that uploads new PFX but before it override the correct one this will backup the old one Another question can I check via restapi the instance for certificate - like I have in GUI - I try to check in /mgmt/tm/sys...

igorzhuk by Altostratus
  • 1 replies
  • 0 kudos

Turn off SNAT selectively

Hi!I have F5 VE Act/Stb cluster running 16.1.3 build 0.0.12 with a single external VServer full of LTM policies that redirect traffic to internal VServer on the same F5 and next it's going towards resources behind F5 using it's internal network.Exter...


Upgrade Directly from 14.1.5 to 16.1.3

Hi Experts, Please confirm one thing: are there any known issues or bugs for upgrading from  to  version : Version: We can directly upgrade from to, right ?

Resolved! Cipher Suites Supported (

Hi, I am trying to adjust the SSL profile of a service to get grade A in SSL Labs.The machine the virtual server runs on is:---Sys::VersionMain PackageProduct BIG-IPVersion 0.16.5Edition Engineering HotfixDate Tue Mar 9 12:02:22 PST 202...

add_info.jpg ciphersuites_test.jpg
Martin182 by Nimbostratus
  • 7 replies
  • 0 kudos

Resolved! VIP-targeting-VIP solution using Standard and performance L4 VS

Is it possible to configure followingdecrypted application traffic processed in performance L4 virtual server where in the CLient facing Standard virtual server will be performing SSL offloading function using irule redirect.#irule on standard server...

mrege by Altocumulus
  • 13 replies
  • 0 kudos

BIGTCP::release_flow on HTTP virtual server

Hello,I have a virtual server standard+http which relies on an HTTP header for persistence. Only the very first HTTP request matter, I do not need HTTP parsing for the rest of the session. Unfortunatly the load is very high on this virtual server and...

PMA by Nimbostratus
  • 2 replies
  • 0 kudos

Resolved! Number of DCDs

Hello, I saw in a few F5 docs that installing three DCDs instead of one or two is more recommended.I understood the benefit of two DCDs due to the redundancy of replicas, but why is it recommended to have three? We need to understand how much resourc...

MaxMedov by Cirrostratus
  • 3 replies
  • 0 kudos

BIGIQ Applications and Resources

Hello, is there any limit number of applications/services that can be created on the BIGIQ?Is monitoring the BIGIQ in any way loading the resources of the BIGIP devices?I've already TCP/HTTP analytic profiles and WAF event logs in BIGIQ.Is the applic...

MaxMedov by Cirrostratus
  • 7 replies
  • 0 kudos

APM Password policy

DearsWe need to enable the password policy on IT-Admin accounts as per the below details, Is the below ok, or what is recommended? Is there any impact?  

Ireda by Cirrus
  • 6 replies
  • 0 kudos

Resolved! Bot Signature based on the referer header

Hi,Can we create a bot signature based on the "referer" header? Many requests that we receive in a Virtual Server (VS) are legitimate, but they are categorized as "Suspicious Browser." We would like to distinguish them if they have a specific referer...

marta_sl by Nimbostratus
  • 2 replies
  • 0 kudos

Resolved! adding pool members in cli

I am trying to figure out what i am leaving out.  I am creating a fqdn node, creating a pool, and then adding the fqdn node to the pool.  when i do this through the cli the pool only returns one ip address,  when there should be two ip addresses list...

Resolved! LTM Certificate expire

HelloMy LTM certificate will expire, How can I renew it without repeating it again?If I take ASM, GTM or APM will renew it!

Ireda by Cirrus
  • 4 replies
  • 0 kudos

active directory with call CN or OU f5 login authentication

Hi expert i want to ask how to configure call CN or OU active directory authentication on f5Group Name Line Order Attribute String     PJKD               1000           memberOF=CN=xxxx ,OU=Group,DC=int,DC=pk,DC=go,DC=id Administrator All Enabledi do...

herdi by Altostratus
  • 5 replies
  • 0 kudos

explanation about tmm usage

Hi Folks!i need a clarification about tmm usage on BIG-IP appliances.i have a guest hosted by a VIPRION (C2400), with 4 assigned cores and an high CPU utilization.During my investigation i found out that connections use only 2 tmm processes: (slot/tm...

Sizing the AWAF

Dear ExpertsHow i can size the AWAF, do we have an datasheet, the below is been referred for LTM

Big IQ and ELK intergration

Hi, Is there a way to intergrate Big-IQ with ELK? The scenario is instead of big-ip sending to ELK, is it possible that Big IQ the one to send data to ELK? Thank you.

Fan Speed on BigIP 2000 device pls help!

Hi! AllCan someone help fix high fan and noise ?Sys BigIP 2000 with same systems have same problemsFan always work at maximum speed at 12K RPM (((( with no overheat and low CPU and etc temps ... Chassis Temperature StatusIndex Lo Li...

Den-78 by Nimbostratus
  • 3 replies
  • 0 kudos


Need help for the monitor string send string and receive string

APM - Do not send OTP if AD password needs changing

Hi Everyone,I have a virtual LTM-APM sitting front of a SharePoint 2019 deployment.  We have an APM policy attached to the VIPs which authenticates users and then sends an OTP via email for login.  All works swimmingly!  Some of testers noticed that ...

BIG-IP Next Virtual Edition

Hai All,I've trial license for BIG-IP Next Virtualize Edition with Ubuntu LTS 20 OS. I've downloaded the ova and running it on my vmware but want to know how to do next step for this, but unfortunately no found any source related to for guidance how ...

yogakswr by Altostratus
  • 5 replies
  • 0 kudos


I need help because i dont know how can i see my license of Nginx Plus. Thanks.

pirson by Nimbostratus
  • 1 replies
  • 0 kudos

Resolved! session.client.hostname

Hello to all,For some reason I am not able to log the APM session variable session.client.hostnameFor instance the session.client.type does get logged. For teste I  put them both in the irule.Any ideas about this? The variable is available as seen un...

DevP by Altostratus
  • 1 replies
  • 0 kudos