F5 APM Failed to download configuration

Omer · ‎06-May-2020

Hi . My VPN clinet showing Disconnected with failed to download configuration error . Existing setup is :

F5 AWAF VE version 14.1.2.3 in front of APM . I have created LTM Virtual Server with pool member pointing to F5 APM Virtual Server . AWAF is in transparent mode currently . I tried to remove AWAF policy also but no luck .

F5 APM is running version 14.0.1 .

If i access directly from APM it is working fine . When try to access from ASM it is not working fine .

Error HOST CHostCtrl::OnTimer(), TUNNEL_SERVER_READY_CHECK - configuration read timed out

Error HOST \HostCtrl.h, CHostCtrl::Failed, Failed to download configuration (error: 0)

Error HOST \HostCtrl.h, CHostCtrl::Failed, Firing OnError event (message: Failed to download configuration)

Is this issue related to ciphers ?

Thanks

delv3chio · ‎07-May-2020

Hello Omer,

When using ASM with APM, you will need to use the 'virtual' command in an iRule on the layered ASM VS to point at the APM VS.

This would not work with a pool member pointing at an APM VS due to how APM fires related to ASM in the hudchain.

Please review the following article:

K54217479: How to protect APM virtual server with ASM

Additionally, there is a little more in depth article using Brute Force Protection:

K13315545: Configuring a BIG-IP ASM virtual server to protect a BIG-IP APM login page with brute for...

Hope that helps!

Omer · ‎07-May-2020

Thank you for the suggestion . In my case issue was in HTTP profile . I bypassed some of pages through policy . APM and ASM are in separate boxes .

DevCentral

F5 APM Failed to download configuration

MFA required on DevCentral