HA Configuration (One in primary and One in DR)
Hi folks, I currently have an HA pair (active/passive) in a primary data center and we are bringing up a DR. Wondering, can I split up the HA pair (one in primary and one in DR) and continue to have HA while utilizing different subnets? We are using multiple IPSEC tunnels to connect the sites, so we are still working on whether we can extend subnets, but if we can't, I wanted to ask if different subnets are possible. Thank you, any info is appreciated.
29 Views, 0 likes, 4 Comments

F5 APM/RDG Not working
Hi guys, I created a new access policy and I get as far as being able to download the rdp file. When I execute the file, I see the traffic on 443 land on the F5, but I do not see any attempt from the F5 to open a connection to the RDP server (no packets to the rdp server IP address at all in a tcpdump). I have a forwarding server that encompasses 10.0.0.0/8 and I have another access policy that is working with a server in the same range. There is a rule on AFM, SNAT is enabled. Feel like I am missing something simple here; unfortunately I have no logs at all to explain what is or is not working. Any ideas what this could be missing? I feel like it has to be something to do with the virtual server with the access policy on it.
15 Views, 0 likes, 0 Comments

APM Portal Access Rewriting
Hi all,
A customer of ours is using the F5 with APM and a Full Webtop config. They're using a Full Webtop Portal with Portal Access Resources and Rewriting. One of the Portal Access resources is connecting to a Document Management Application (https://backend.com) where the source IP is allowed for access from the F5. Now the backend provider of the Document Management App has upgraded the application and integrated a Keycloak IAM; since then the included OpenID Connect SSO requests are not properly rewritten by the F5. The client then connects directly to the SSO URL for OIDC and not through the Portal Access Rewriting. We created a HAR file on the client and see the following:
*******
Requests to rewriting:
https://portal.f5.com/f5-w-abc123/page1.html
https://portal.f5.com/f5-w-abc123/somejavascript.js
https://portal.f5.com/f5-w-abc123/somepic.jpg
.....
Then the following:
https://api.essentials.backend.com/api/userrequest
And:
https://id.backend.com/realms/essentials/protocol/openid-connect/auth?client_id......
*******
The obfuscated path /f5-w-abc123 results in the URL https://backend.com
So how can we have the other URL also rewritten so that https://api.essentials.backend.com/... is rewritten to https://portal.f5.com/f5-w-xyz123 ?
Thank you for your help
11 Views, 0 likes, 1 Comment

APM Import error: config version 15.1 is not compatible with BIGIP version 16.1
I would like to migrate all of our APM policies from the old F5 platform (v15.1) to the newer F5 platform (v16.1). I can migrate most of the objects, except for APM. I get an error message "Import error: config version 15.1 is not compatible with BIGIP version 16.1" when importing on the newer F5. I noticed there is a file called ng-export.conf inside the exported .tar file. Can I modify the following setting to the correct version like this? I'm not sure if there will be a bunch of other settings that may not be compatible between versions.
#F5[Version:15.1]
#F5[Build:15.1.10.3-0.0.12.0]
To
#F5[Version:16.1]
#F5[Build:16.1.5-0.0.3.0]
Has anyone done this before?
40 Views, 0 likes, 2 Comments

How to Disable fields after AD Password expired
Hi everyone. We have an F5 v17.1.0.3 with an APM profile configured in standard mode customization configuration. We would like to disable the fields "New Password" and "Verify Password" after the AD responds with the message "Password Expired". We modified the AAA error message without problems by editing the AAA error message customization. Is it possible to disable the fields "New Password" and "Verify Password"? Regards.
60 Views, 0 likes, 2 Comments

What is the use of epsec-package file in APM ?
Hello Team, what is the use of the epsec-package file in APM? How does EPSEC work in APM?
apm epsec epsec-package epsec-1.0.0-1622.0.iso {
    create-time 2024-09-19:12:50:37
    last-update-time 2024-03-21:11:07:38
    mode 33188
    oesis-version 4.3.3969.0
    revision 1
    size 301641728
    system-package true
    updated-by root
    version 1.0.0-1622.0
}
33 Views, 0 likes, 3 Comments

[APM] - Error: failed to reset strict operations; disconnecting from mcpd
Hello Experts, when we try to verify the sys config with the command "load sys config verify", we are getting the below error message, followed by a services restart ... Bug ID 997793 (f5.com). We tried to remove the old epsec-package file and restarted, but no luck. Can anyone please advise on this?
Validating configuration...
/config/bigip_base.conf
/config/bigip_user.conf
/config/bigip.conf
/config/bigip_script.conf
Error: failed to reset strict operations; disconnecting from mcpd. Will reconnect on next command.
The connection to mcpd has been lost, try again.
10 Views, 0 likes, 1 Comment

user alert on apm logs
I try to trigger a command when a specific log is written to /var/log/apm. It works on 2 different non-prod BIG-IPs, but on a third one in production it only works with /var/log/ltm logs.
user_alert.conf
"failed" is common in my ltm logs. "New session" is common in apm logs.
So this works (triggered from ltm logs):
alert test "failed" {
    exec command="logger -p local0.notice 'test'"
}
This doesn't (not triggered from apm logs):
alert test "New session" {
    exec command="logger -p local0.notice 'test'"
}
Do you have any idea why?
27 Views, 0 likes, 2 Comments

APM : is VMware Workspace One supported as an Endpoint Management System?
Hello,
In the past, we added our on-premises Airwatch server in the Endpoint Management Systems list. We used this feature to check if the smartphones connecting to the VPN were properly enrolled. We used this feature only for a few users. We migrated to VMware Workspace One in SaaS mode but we forgot about this feature. Is VMware Workspace One supported as an Endpoint Management System? Could F5 APM connect to the WSO API? When adding our WSO instance as Airwatch, we got a "General configuration error".
Thank you
Thomas
19 Views, 0 likes, 1 Comment

Yubikey APM and AzureAD question
Hey, I'm trying to add the ability to use yubikeys as hardware keys to my Saml/Azureid logins. I saw this doc for how to do it with okta: Application access using YubiKey Authentication with APM and Okta | DevCentral. I was wondering if there were similar instructions for Azure AD. It seems like the okta integration relies on the okta connector supporting yubikey in v 16.0. We are currently running 16.1.5, but I don't see something similar in the Azure AD connector. I was wondering how other people have done this? Or if there was something I'm missing? We've been able to add yubikeys on the Azure AD side, but they never show up when we try to use them as a 2nd factor with the BIG IP Edge client.
31 Views, 0 likes, 2 Comments