On the R4800 series, sometimes ICMP does not work properly. Reboot fixes the problem
Problem definition. Tenant A is deployed in Box X, Tenant B is deployed in Box Y. (An L2 syncro VLAN is set up between the two boxes.) Tenant A pings B and gets a response, while Tenant B pings A and gets an unreachable message. When Box Y is rebooted, everything starts to work normally for a while, but after a while the connection is lost again. Has anyone ever encountered this problem?

F5 APM with TOTP iRule event with QR Code creation
Hello, we have a topic: F5 APM with TOTP iRule event with QR code creation. We used the code from Git, https://github.com/isometry/f5-totp, and it works fine at the moment with the data group for testing. In a production scenario we have to use LDAP/AD to put a secret behind a user. So my question is: is it possible, for convenience and self-service for the user, to generate a QR code during the auth process from the F5 itself? Without Google Authenticator and so on! My idea was to generate a QR code with PowerShell (https://www.powershellgallery.com/packages/QRCodeGenerator/2.6.0) or to put the QR code inside a UNC path from the user. Is something like that possible, or do we need a third-party tool, for example Entra ID, Microsoft Authenticator, Google Auth., RSA Auth. Manager (SecurID) and so on? Maybe someone has already implemented such a requirement. I saw a JavaScript for the QR code creation there: https://github.com/akhmarov/f5_otp/blob/master/docs/INSTALL.md#create-apm-hosted-content Maybe it is possible, and I could get some hints on how I could find the best solution for that. Kind regards

Forward ASM event logs to Virtual server
Greetings. I want to forward the logs coming to ASM policies to 2 syslog servers for the purpose of failover load balancing. For this I created a VS running on port 514, and I send to the pool running on port 514, but it doesn't go. When I send it with a regular log profile, the logs are forwarded to me, but it needs to go from the VS as a load balance (failover).

iRule pool status question
Good afternoon, friends. I am trying to create an iRule that can be used on any Virtual Server (without having to create one for each pool or node) that can analyze the state of the pool members and display an image according to their status. Case 1: If someone sets the nodes to a disabled or forced offline state, display a maintenance image. Case 2: If a node goes down due to a monitor failure (e.g., it stops responding on port 80), display a technical issues image. I want to upload all the images as iFiles within the F5. So far, I have this, but I am not able to get it working :(

    when LB_FAILED {
        # Get the name of the pool associated with the current Virtual Server
        set pool_name [LB::server pool]
        if { [active_members $pool_name] < 1 } {
            # Check the pool status dynamically
            if { [LB::status pool $pool_name] eq "user disabled" || [LB::status pool $pool_name] eq "forced offline"} {
                # If the nodes were manually set to disabled or forced offline
                set ifile_name "/Common/mantenimiento_image" ;# iFile name for maintenance
            } else {
                # If the nodes are down because of a failure detected by the monitor
                set ifile_name "/Common/problemas_tecnicos_image" ;# iFile name for technical issues
            }
            # Read the iFile content and respond to the client with the image
            set ifile_content [ifile get $ifile_name]
            HTTP::respond 200 content $ifile_content "Content-Type" "image/jpeg"
        }
    }

If anyone can help me, I would really appreciate it.

Extract GTM Pool Members with Curl
Hello, I was wondering if there is anything required to be enabled in GTM to allow REST API calls via tools like curl. I would like to get the pool members of a certain pool; preferably the output should be in JSON format. Ideally, the authentication token should be received/generated first to use it in any subsequent API call. Thanks, Version: BIG-IP 14.1.4.6 Build 0.0.8 Point Release 6

One Connect not keeping connection open on HTTP 204 No Content
We have an application that returns an 'HTTP 204 No Content' response on 99% of all requests. These connections are being kept open and reused on the client side of the F5. The problem is the load balancer closes these connections on the server side right after the HTTP 204 response is received from the server. When we send an HTTP 200, the connection is kept open and reused (normal One Connect operation). Is there an iRule that we can apply to the VIP to keep the connection open even when the server returns an 'HTTP 204 No Content'? Thanks

AS3 w/ certificates and renewals..
So, I found myself in a little bit of a quandary with the use of AS3 declarations to deploy our F5 configurations for our services. To create a virtual server with SSL certificate and profiles, and the whole nine yards, you need to have as part of your AS3 declaration: the SSL certificate (key and cert), which populates the profile, which then populates the profile section within the virtual server. So far so good... Now, the certificate has a TTL (if you will), and needs to be renewed. In the past, I had a Python script that goes through the F5 using the REST API to find expiring certificates, gets new certs and updates the configuration. That worked just fine, and I have adapted that to be used on our new F5s using partitions/tenants, and it works. Unfortunately it also breaks the one source of truth (AS3), so if I go make a change to an AS3 declaration to make pool member or other configuration changes, and I then redeploy the AS3 declaration, then the OLD certificate is put back into play (which could be expired) and the service goes down. It has not happened yet, because this FUBAR situation popped into my head. ...and that is my quandary... How do I redeploy configurations and have it ignore the certificate and profile stanzas in the AS3 declaration, so it does not redeploy an old and possibly expired certificate? One may think: well, update the declaration with the updated certificate. Not as easy as one may think. I would have to do this for any declaration that I want to modify, not an easy task: log into the F5, fetch the new PEM data for the certificate and key, update the declaration, and then deploy it. In some AS3 declarations, I am defining multiple environments for a service, and there might be up to 5 different certificate/key pairs that I would need to update prior to redeploying... ugh! I am in a pickle. Thoughts?
The only solution that I have been able to conjure up in my head is additional automation and scripting that would automatically update the AS3 declarations when a certificate is renewed, which makes sense... I just have no idea how to go about this just yet. Hoping there are other alternatives?!

How to reset GUI password through CLI or API through F5 Next Central Manager(CM) ?
Hello, I have access to Central Manager (CM) through the CLI, but the CLI password, as mentioned in "Unable to login as admin to the Central Manager GUI" (f5.com), is different than the GUI password, so is there a way to reset it?