BIG-IP Access Policy Manager (APM)
8663 TopicsAPM Import error: config version 15.1 is not compatible with BIGIP version 16.1
I would like to migrate all of our APM policies from old F5 platform (v15.1) to newer F5 platform (v16.1). I can migrate most of the objects, except for APM. I get an error message "Import error: config version 15.1 is not compatible with BIGIP version 16.1" when import on the newer F5. I noticed there is a file calledng-export.conf inside the exported .tar file. Can I modify the following setting to correct version like this? I'm not sure if there will be bunch of other settings that may be not compatible between version. #F5[Version:15.1] #F5[Build:15.1.10.3-0.0.12.0] To #F5[Version:16.1] #F5[Build:16.1.5-0.0.3.0] Have anyone done like this before?Solved54Views0likes3CommentsIs network access bypassing APM logon pages?
Hello, Maybe it's a stupid question but I've been wondering about it for a while without finding a proper answer. Usually, you can either access your web apps remotely through APM or you can use a SSL VPN connection to have a full network access. Recently when I was connected to the VPN (BigIP Edge Client), I tried to access different web apps through APM in order to test some APM workflows (vpe config) and I noticed I was somehow bypassing the APM logon pages : actually I was able to access the web apps without having the APM logon pages. Maybe these were silly tests but still i'm wondering : what happened ? I used an irule to have verbose logs, I saw that my vpn session ID were being used when accessing these web apps. Is there any credential forwarding ? How does it work ? Thank you ThomasSolved586Views0likes8Comments<apm_do_not_touch> in JS file failing</apm_do_not_touch>
So we have an application that uses the @cc_on statement within a javascript file, and the APM is trying to rewrite it. Problem is (as stated in SOL3910) that the rewrite breaks the code because it doesn't rewrite properly. According the the SOL3910, adding the tag around an HTML element works to tell APM to ignore rewriting this section. The problem is that this fix doesn't (fully) work in JS files because the tag is an html tag. While adding the tag around the section will work to keep APM from rewriting the code, because it's in a JS file, the syntax is invalid and causes other JS errors. I've tried embedding the tag in a comment (many different ways) but it doesn't work, and APM will continue to rewrite the code. I doubt there's a javscript statement we can use to do the same thing here and cause APM to ignore rewriting it, but wanted to see if anyone else had a similar issue before or ideas on resolution.442Views0likes2CommentsSSO
I am.beginner with APM I could see same access profile is mapped to 2 different VS. 1.my understanding is they have mapped same access profile to make sso work between virtual servers..is that right? 2.when sso has been generated in first vs it will be passed to user browser right?and when the same user access the 2nd VS how does the second vs validate credentials?Solved115Views0likes10CommentsOAuth token synchronization in APM HA pair
Hello. I have an HA pair of APMs, acting as a OAuth authorization server. By default, devices in HA should synchronized OAuth tokens from Active to Standby. But I don't see issued tokens on Standby device. The statemirror.mirrorsession system database variable set in "enabled". :Active:In Sync] ~ # tmsh show apm oauth token-details db-instance <db_name> total-tokens: 7258 :Standby:In Sync] ~ # tmsh show apm oauth token-details db-instance <db_name> total-tokens: 0 No synchronization errors (Failed to initiate DB synchronization (ERR_DB)) in logs. How can I check, that token synchronization is successful and issued OAuth tokens existing on both device in cluster?727Views0likes7CommentsDTLS support for Citrix Receiver 4.7? (Adaptive Transport, EDT)
Will there be DTLS support for Citrix new "Adaptive Transport" or "Enlightened Data Transport (EDT)" which is based on UDP in APM? This is a new feature since version 4.7 of Citrix Receiver, and version 7.13 of XenDesktop/XenApp. I would definitely want it to be supported asap...809Views0likes6CommentsIcall script argument
Hello! How I can translate to icall script argument from APM via iRule? Example. I want generate user certificate SSL via APM. I wrote bash script, but it should be called with two argument - UserName and UserDomain. Thank you! sys icall script gcc_script { app-service none definition { exec /home/root/scripts/certificates.sh $UserDN $DomainDN exec istats remove "GCC generate for UserDN" } description none events none }281Views0likes1CommentF5Access | MacOS Sonoma
I upgraded my MacOS to Sonoma (the latest version of MacOS) and now F5 Access does not open When I try to open the application, nothing happens. The icon in the up menu bar does not appear. Is anyone passing through the same situation? Thanks! Thanks!Solved3.3KViews3likes53Commentsconfigure f5 login using AD
hi, I need to configure to use AD account to login to the f5 configurations utility. I found an article for this https://support.f5.com/kb/en-us/solutions/public/11000/000/sol11072.html1 when select remote - active directory, questions: 1.) remote directory tree - what is the example of this parameter looks like ? 2.) for scope field, which options recommended ? SUB or BASE ? if anyone configure this previously ? hope to share the settings..:) thank you283Views0likes5Comments