21-Mar-2023 12:57 - edited 21-Mar-2023 12:58
Hi!
I'm having F5 Act/Stb cluster - 2 VMs in Azure with 2 traffic interfaces only (external, internal). I use BIG-IP 16.1.3 build 0.0.12
I'm trying for the first time in my life integrate it with Sentinel and so far I fail to do it succesfully.
When following this article: https://my.f5.com/manage/s/article/K85539421 point by point:
https://community.f5.com/t5/technical-articles/deploying-big-ip-telemetry-streaming-with-azure-senti... , where people suggest to add static route the via internal vlan:
net route telemetry { description "Allows monitor to work" interface /Common/internal network 255.255.255.254/32
or changing port lockdown mode:
"One more note: the self IP on the chose VLAN you're using for routing the 255.255.255.254 traffic needs to allow TCP 6514, either by setting the "port lockdown" to NONE or adding a custom port."
I tried to finish the manual, so:
And when it comes to deploy the declaration (which I do via curl with .json file, I get:
Has anyone passed through some manual integrating F5 with Azure Sentinel succesfully?
Or maybe I'm doing here some obvious mistake?
Thanks in advance for your help
27-Mar-2023 16:27
Hi @shadow82 - are you still having the issue? I see nobody from the community has answered yet, so I've forwarded your post to some colleagues to try to get a reply for you. Let us know if you've figured it out in the mean time!