Resetting to Factory Default
I recently followed the the procedure in K44595522 to wipe of pair of i2800. I started with the standby device which went just as expected. When I ran the same steps on the active device, it scrolled lines across the screen anywhere from 15 to 30 minutes. And when it finally stopped the device was not completely wiped like the standby device. Anyone else have this same experience? Thanks in advance.
sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic
When I enable the sslprovider and start a tcpdump on the server-side in order to decode TLSv1.3 traffic, only the CLIENT_HANDSHAKE_TRAFFIC_SECRET and SERVER_HANDSHAKE_TRAFFIC_SECRET 'keys' are stored in the packet capture file, but the CLIENT_TRAFFIC_SECRET and SERVER_TRAFFIC_SECRET 'keys' are missing. This prevents me to decode the application data in the packet capture: # tmsh modify sys db tcpdump.sslprovider value enable # tcpdump -i <server-side-VLAN> -s0 -f5 ssl:v -vvv -w /var/tmp/output.cap <Generate traffic> # tshark -r /var/tmp/output.cap -Y "f5ethtrailer.tls.keylog" -T fields -e f5ethtrailer.tls.keylog On the client-side, this works as expected. Is this a bug (tested with TMOS 17.5.1)? Am I doing something wrong?
Issue with IIS and Client Component Service Load balancing
Hi Team, We have Citrix Client Machine(Total-7) accessing the VIP's 443,5609(same virtual server) configured on LTM and 3 web application server(IIS and Client Component Service running) as backend. With three servers in backend for 443 and 5609, the accessibility of web services never works. with single real server enabled for 443 and 5609, the connectivity works. I have tried sourceip and cookie persistence enabled, still no luck. Can somebody help. Client --> F5 vip (443,5609) --> SNAT Automap --> Pool(443,5609) ---> 3 real server
Forward proxy with SSL passthrough - SWG license required?
Hi, At one site with a single v15 VE I need to proxy outbound traffic, but without SSL inspection. Most docs relating to SSL passthrough assume that targets are internal and pooled but this is not my scenario: internal clients must connect to numerous (but specified) external URLs outside my control, and whose IPs are constantly changing. This similar query states solved via iApp but does not specify which one, or much detail on the final config. Regarding the license aspect, other proxy-related posts refer to the need for SWG license (which I don't have) - would I need this? The documentation for this use-case is unclear; any comments/tips gratefully received! Cheers, autoIdentity-centric F5 ADSP Integration Walkthrough
In this article we explore F5 ADSP from the Identity lense by using BIG-IP APM, BIG-IP SSLO and add BIG-IP AWAF to the service chain. The F5 ADSP addresses four core areas: Deployment at scale, Security against evolving threats, Deliver application reliably, Operate your day to day work efficiently. Each comes with its own challenges, but together they define the foundation for keeping systems fast, stable, and safe. Each architecture deployment example is designed to cover at least two of the four core areas: Deployment, Security, Delivery and XOps.AI Inference for VLLM models with F5 BIG-IP & Red Hat OpenShift
This article shows how to perform Intelligent Load Balancing for AI workloads using the new features of BIG-IP v21 and Red Hat OpenShift. Intelligent Load Balancing is done based on business logic rules without iRule programming and state metrics of the VLLM inference servers gathered from OpenShift´s Prometheus.
SSL cipher
Hi guys TLS is weird. Why is this behavior happening? The server that receives the client hello sends an alert. Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 688 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 684 Version: TLS 1.2 (0x0303) The server only allows TLS 1.0. Our SSL profile is also set to only allow TLS 1.0.
