Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Using shared object with BigIP

Go to solution
Ed_Martens
Cirrus
Cirrus

‎15-Jul-2022 02:23 - edited ‎15-Jul-2022 02:24

Hi,
Just a "stupid" question:

Is there a reason  NOT to use Shared object address list's with a VS?

In contrast  using  multiple VS configurations (when only destination address is the difference).

 

Like to hear you thoughts

Labels:
1 ACCEPTED SOLUTION

Go to solution
StephanManthey
MVP
MVP
In response to Ed_Martens

‎15-Jul-2022 02:49

Please lookup your /config/bigip_base.conf for the ACL related configuration objects.

The shared objects concept may significantly reduce the number of configuration objects, i.e. mixing IPv4/IPv6 source/destination addresse in lists. Same story for destination ports.

View solution in original post

7 REPLIES 7

Go to solution
StephanManthey
MVP
MVP

‎15-Jul-2022 02:42

When using shared objects some ACL mechanisms are applied in the background.

In the past I saw some issues there (especially in the context of route domains), which seem to be fixed in the current TMOS v15.1.5.1.

0 Kudos

Go to solution
Ed_Martens
Cirrus
Cirrus
In response to StephanManthey

‎15-Jul-2022 02:45

Hi Stephan,
Thanks for the response. This is the same version we are running at the moment 😉

0 Kudos

Go to solution
StephanManthey
MVP
MVP
In response to Ed_Martens

‎15-Jul-2022 02:49

Please lookup your /config/bigip_base.conf for the ACL related configuration objects.

The shared objects concept may significantly reduce the number of configuration objects, i.e. mixing IPv4/IPv6 source/destination addresse in lists. Same story for destination ports.

Go to solution
Ed_Martens
Cirrus
Cirrus
In response to StephanManthey

‎15-Jul-2022 02:58

The mix of IPv4/IPv6 is exactly why I want to use it.
Butissues will also be there , no matter what solution you will implement.
My biggest "concern" is making 2 VS (1 IPv4 and 1 IPv6) is that you need to do every config change twice. Which is a potential problem, as somebody making changes to only one VS.


By the ACL in the config file you mean "security firewall address-list"  As they must be/should be the same as the configured lists?

Go to solution
LiefZimmerman
Community Manager
Community Manager
In response to Ed_Martens

‎19-Jul-2022 10:02

Doesn't seem this is quite sorted yet? @Ed_Martens - have you come to any new understandings here? or is this still a potential problem?

I'd be happy to get some Eng's to take a look here if what @StephanManthey said isn't 'the final word'.

0 Kudos

Go to solution
Ed_Martens
Cirrus
Cirrus
In response to LiefZimmerman

‎20-Jul-2022 01:09

Hi,
It is not a problem,

But he answer is in the line of my own thoughts.
I'll "Accept the Solution"

Go to solution
Ed_Martens
Cirrus
Cirrus
In response to Ed_Martens

‎20-Jul-2022 06:10

It is pitty, shared objects for us is not working.
We have a VS which configures the F5 a transparant proxy, VS with destination address 0.0.0.0/0 and port 443.
So we are running against https://support.f5.com/csp/article/K47569205
Pitty

Copyright © 2023 Khoros, LLC