Big-Ip Edge Client specials characters problems
Hello, I have installed the big-ip edge client version 7.2.4.5 with APM modern and I have some problem with specials characters in FRENCH as shown on the screenshot. What do I need to do ? I tried to modify the text on the general customization but I got an script error after that. Regards, Miguel CamposIntroducing the F5 Application Study Tool (AST)
In the ever-evolving world of application delivery and security, gaining actionable insights into your infrastructure and applications has become more critical than ever. The Application Study Tool (AST) is designed to help technical teams and administrators leverage the power of open-source telemetry and visualization tools to enhance their monitoring, diagnostics, and analysis workflows.Mitigating OWASP Web App Risks: Software and Data Integrity Failures using BIG-IP Advanced WAF
This article gives detailed information of OWASP top 10 Web Application security series, providing an in-depth knowledge on OWASP Software and Data Integrity attacks and mitigate methods using F5 BIG-IP Advanced WAF.Warning while running tmsh load sys config verify
Hello , I ran "tmsh load sys config verify" before code upgrade of an HA having LTM, APM , ASM running on it. No idea about 2 warning shown below. How to fix it before Code Upgrade ? Or with this Warning can I still proceed for Code upgrade ? Validating configuration... /config/bigip_base.conf /config/bigip_user.conf /config/bigip.conf /config/bigip_script.conf There were warnings: /Common/SSl-Debug:28: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected end of arguments;expected argument spec:PROC_SCRIPT"1592 798][proc flowid-gen { # Find the name of this Virtual Server, minus the partition/path. # # Use these for the short VIP name set vipsplit "[split "[virtual name]" /]" set vipname "[lindex $vipsplit end]" # Use this instead for the VIP name including partition path #set vipname [virtual name] # Start an event counter set eventnum 1 # Mark the start time and create a unique ID for this flow set flowtime "[clock clicks]" set flowid "slot[TMM::cmp_group]/tmm[TMM::cmp_unit]-$flowtime" # this return left in iffy state due to no proc calls from flow_init experimentation return "$vipname $flowid $flowtime $eventnum" }] /Common/SSl-Debug:137: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected end of arguments;expected argument spec:PROC_SCRIPT"10855 57][proc test { log -noname "test happened!" }] In profile access (/Common/ActiveSync_App.app/exch), duplicate log destination (/Common/local-db) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher). In profile access (/Common/ActiveSync_App.app/exch), duplicate log destination (/Common/local-syslog) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher). In profile access (/Common/OutlookWebAccess_App.app/exch), duplicate log destination (/Common/local-db) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher). In profile access (/Common/OutlookWebAccess_App.app/exch), duplicate log destination (/Common/local-syslog) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher).
Proxy Protocol v2 Initiator
Problem this snippet solves: Proxy Protocol v1 related articles have already been posted on DevCentral, but there is no v2 support iRule code available. A customer wanted to support Proxy Protocol v2, so I wrote an iRule code for supporting v2. Proxy protocol for the BIG-IP (f5.com) How to use this snippet: Back-end server must handle Proxy header prior data exchange. Code : when CLIENT_ACCEPTED { # DEBUG On/Off set DEBUG 0 set v2_proxy_header "0d0a0d0a000d0a515549540a" # v2 version and command : 0x21 - version 2 & PROXY command set v2_ver_command "21" # v2 address family and transport protocol : 0x11 - AF_INET (IPv4) & TCP protocol set v2_af_tp "11" # v2 Address Size : 0x000C - 12 bytes for IPv4 + TCP set v2_address_length "000c" # Get TCP port - 2 byte hexadecimal format set src_port [format "%04x" [TCP::client_port]] set dst_port [format "%04x" [TCP::local_port]] # Get Src Address and convert to 4 byte hexadecimal format foreach val [split [IP::client_addr] "."] { append src_addr [format "%02x" $val] } # Get Dst Address and convert to 4 byte hexadecimal format foreach val [split [IP::local_addr] "."] { append dst_addr [format "%02x" $val] } # Build proxy v2 data set proxy_data [binary format H* "${v2_proxy_header}${v2_ver_command}${v2_af_tp}${v2_address_length}${src_addr}${dst_addr}${src_port}${dst_port}"] if { $DEBUG } { binary scan $proxy_data H* proxy_dump log local0. "[IP::client_addr]:[TCP::client_port]_[IP::local_addr]:[TCP::local_port] - proxy_data dump : $proxy_dump" } } when SERVER_CONNECTED { TCP::respond $proxy_data }
Big-IP not recognized by Big-IQ
Dear Techs, I'm in a strange situation where I'm supposed to add both F5 Big-IP with Big-IQ. Both Big-IP and Big-IQ are in same subnet, so firewall isn't a question. The Big-IP are in HA. I've successfully added the Standby unit with Big-IQ without any issues while adding the Active unit I'm getting below error message : The device <Big-IP-Management-IP> (null) is not a Big-IP device. I've added a total of 7 devices successfully, using the same procedure, same authentication. Any help with be greatly appreciated. Big IQ version : 8.0.0 Big-IP version : 14.1.4 thank youNetScaler to F5 Migration
Hi Team, I am facing difficulties while converting the NetScaler ns.conf file into an F5 BIG-IP LTM configuration, particularly with VIPs, pools, and nodes. I have attempted multiple methods to perform this conversion but have not had success. If you have any recommended approaches or tools to facilitate this process, please share them with us. NetScaler Version: v13.5 Build 52
An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)
Hello Community, I have a requirement to allow enriched https header enrichment. The SSL negotiation (I'm doing ssl termination on F5) fails because the enriched header from client contains reserved tls extension values. (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtmltls-extensiontype-values-1). The Client Hello request in the SSL Handshake was captured and contained an Extensions list, which included a reserved TLS Extension value (17156), which the F5 isn't presenting in Server Hello. I need an irule that can allow that Extension to be added on the client ssl profile so the ssl handshake doesn't fail.
