Default global parameters in F5 LTM and AFM
Hi F5 Community, we would like to ask if there is a way in F5, through a TMSH command, to check or show all the default parameters or global variables set in F5, which we can then export to Notepad or Excel so that we can make a comparison from an existing system to a new one. Thank you in advance to whoever is able to help us with our inquiry.

Can F5 be in Bridge Mode or a L2 DDOS to protect from L3-L4 DDOS attack
Hi F5 community, we just want to consult whether F5 rSeries models (Active-Standby HA setup) with an AFM license are capable of running in bridge mode to provide L3-L4 DDoS protection before traffic goes to the Internet perimeter FW. We ask this so that there will be no re-architecture or change of config for the Public IP defined in the Internet perimeter FW. If you have any documented experience or KB article pertaining to this, it would be a great help to us. Thank you in advance.

Logging all AFM Rules
Hello, I have multiple AFM rules, more than 300, distributed in multiple "rule-lists". Some have the "logging" option enabled and others do not. I need to enable the "logging" option for all partition rules; is there a method for this, or some script? Thank you

AFM reporting no data
Hi! I have an AFM installation here that seems to be working very well as a firewall and for DDoS protection, but the problem is that none of the reports are working. I have a logging profile created for all the VSs and the publisher is set to local-db-publisher everywhere. Logs are working, reports are not working, and it is also possible to observe some JavaScript errors being reported in the console. My logging profile:

    security log profile Log_Local {
        dos-network-publisher local-db-publisher
        ip-intelligence {
            log-publisher local-db-publisher
        }
        network {
            Log_Local {
                filter {
                    log-ip-errors enabled
                    log-tcp-errors enabled
                }
                publisher local-db-publisher
            }
        }
        port-misuse {
            log-publisher local-db-publisher
        }
        protocol-dns-dos-publisher local-db-publisher
        protocol-inspection {
            log-publisher local-db-publisher
        }
        protocol-sip-dos-publisher local-db-publisher
        traffic-statistics {
            active-flows enabled
            log-publisher local-db-publisher
            missed-flows enabled
            reaped-flows enabled
            syncookies enabled
            syncookies-whitelist enabled
        }
    }

Am I doing something wrong? Thanks!

Virtual Wire configuration is not imported properly by BIG-IQ
Hi, I am facing the following error when I try to import a Virtual Wire-enabled BIG-IP device into BIG-IQ:

    java.lang.IllegalArgumentException: tag 4096 must be between 1 and 4094

I know that the issue related to VLAN Groups requires the allowVlanGroup directive in restjavad.properties.json. Is there something similar to enable Virtual Wires? Thanks!

AFM FQDN whitelist outbound HTTP (host header) and HTTPS (SNI sub-CA cert) Data Group iRule
Hello! We would like to be able to create an AFM FQDN whitelist iRule with a data group entry, specifically to match the Host header for HTTP and to match SNI for HTTPS. Decrypted inspection would utilize the company sub-CA cert/key based on an existing client-trusted CA. Does someone have an example data group and iRule to use for this? How can I match on an existing sub-CA cert? Would something like this work?

    ltm data-group internal FQDN_ALLOWED_LIST {
        records {
            .site1.com { }
            .site2.com { }
        }
        type string
    }
    ltm data-group internal CLIENT_CERT_INFO {
        records {
            companycertname { }
        }
        type string
    }

    # Apply to outbound AFM HTTPS VIP
    when CLIENTSSL_HANDSHAKE {
        # Save the raw SNI extension (type 0) if the client sent one
        if { [SSL::extensions exists -type 0] } {
            set tls_sni_extension [SSL::extensions -type 0]
        }
    }
    when HTTP_REQUEST {
        # Host must be in the FQDN data group and SNI must have been seen in the handshake
        if { [class match [string tolower [HTTP::host]] contains FQDN_ALLOWED_LIST] && \
             [info exists tls_sni_extension] && \
             [class match $tls_sni_extension contains CLIENT_CERT_INFO] } {
            log local0. "URL is allowed. [HTTP::host] match found in FQDN_ALLOWED_LIST"
            return
        } else {
            log local0. "URL is dropped. [HTTP::host] not found in FQDN_ALLOWED_LIST"
            drop
        }
    }

    # Apply to outbound AFM HTTP VIP
    when HTTP_REQUEST {
        if { [class match [string tolower [HTTP::host]] contains FQDN_ALLOWED_LIST] } {
            log local0. "URL is allowed. [HTTP::host] match found in FQDN_ALLOWED_LIST"
            return
        } else {
            log local0. "URL is dropped. [HTTP::host] not found in FQDN_ALLOWED_LIST"
            drop
        }
    }

Thanks!! TJ

f5 sync error after VIP was deleted on A device and New VIP created with the IP being same from the deleted VIP
Version 11.5.1 Hotfix HF7 7.0.167. Tried to sync from device A to device B; it reports the following error:

    Status: Sync Failed
    Summary: A validation error occurred while syncing to a remote device
    Details: Sync error on 1b: Load failed from 1a
    01020056:3: Error computing object status for virtual_server (xserver.abc.com).
    Recommended action: Review the error message and determine corrective action on the device

ACL matches per rule Context(Enforced) on F5 ASM
Hi All, when I go to F5 >> Security >> Reporting : Network : Enforced Rules, "ACL matches per rule Context (Enforced)" shows:

    Virtual Server                                        622,780
    Global                                                111,203
    Aggregated                          Self IP             1,336
    /Common/BRIDGE-VLAN-GROUP_self_ip   Self IP               603
    /Common/App_x.x.x.x_VIP             Virtual Server          2
    Overall                             N/A               733,645

These are ACL matches per rule context. Please explain where the ACL is and how this value depends on it.