
F5 VE in Azure - troubles with Sentinel integration



I have an F5 Act/Stb cluster - 2 VMs in Azure with 2 traffic interfaces only (external, internal). I use BIG-IP 16.1.3 build 0.0.12
I'm trying for the first time in my life to integrate it with Sentinel, and so far I have failed to do it successfully.

When following this article: point by point:

  • Install telemetry extension goes well. I have version 1.32.0 build 2 (downloaded today). curl check is successful
  • Create iRule - done
  • Create a pool to handle telemetry traffic - ends up with down by monitor. (Manual suggests to use tcp monitor).
    I tried to support with hints from: , where people suggest adding a static route via the internal vlan:

net route telemetry {
    description "Allows monitor to work"
    interface /Common/internal
}

or changing port lockdown mode:

"One more note: the self IP on the chosen VLAN you're using for routing the traffic needs to allow TCP 6514, either by setting the "port lockdown" to NONE or adding a custom port."

I tried to finish the manual, so:

  • Create a virtual server to listen for Telemetry traffic
  • Create a request-log profile
  • Attach the request logging profile to the virtual server

And when it comes to deploying the declaration (which I do via curl with a .json file), I get:


Has anyone passed through some manual integrating F5 with Azure Sentinel successfully?
Or maybe I'm making some obvious mistake here?

Thanks in advance for your help


Community Manager

Hi @shadow82 - are you still having the issue? I see nobody from the community has answered yet, so I've forwarded your post to some colleagues to try to get a reply for you. Let us know if you've figured it out in the meantime!