AMQP Cleartext Authentication
Description The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear. Solution Disable cleartext authentication mechanisms in the AMQP configuration in ubuntu or centos machines disable unencrypted access in the configuration file. >> unencrypted" here refers to client connections. https://www.rabbitmq.com/ssl.html Steps of disabling the AMQP: https://liquidwarelabs.zendesk.com/hc/en-us/articles/360019562832-Disable-cleartext-authentication-option-in-RabbitMQ The above link used for windows vulnerability. Please help in getting resolution for Centos or Ubuntu configuration file.What is BIG-IQ?
tl;dr - BIG-IQ centralizes management, licensing, monitoring, and analytics for your dispersed BIG-IP infrastructure. If you have more than a few F5 BIG-IP's within your organization, managing devices as separate entities will become an administrative bottleneck and slow application deployments. Deploying cloud applications, you're potentially managing thousands of systems and having to deal with traditionally monolithic administrative functions is a simple no-go. Enter BIG-IQ. BIG-IQ enables administrators to centrally manage BIG-IP infrastructure across the IT landscape. BIG-IQ discovers, tracks, manages, and monitors physical and virtual BIG-IP devices - in the cloud, on premise, or co-located at your preferred datacenter. BIG-IQ is a stand alone product available from F5 partners, or available through the AWS Marketplace. BIG-IQ consolidates common management requirements including but not limited to: Device discovery and monitoring: You can discovery, track, and monitor BIG-IP devices - including key metrics including CPU/memory, disk usage, and availability status Centralized Software Upgrades: Centrally manage BIG-IP upgrades (TMOS v10.20 and up) by uploading the release images to BIG-IQ and orchestrating the process for managed BIG-IPs. License Management: Manage BIG-IP virtual edition licenses, granting and revoking as you spin up/down resources. You can create license pools for applications or tenants for provisioning. BIG-IP Configuration Backup/Restore: Use BIG-IQ as a central repository of BIG-IP config files through ad-hoc or scheduled processes. Archive config to long term storage via automated SFTP/SCP. BIG-IP Device Cluster Support: Monitor high availability statuses and BIG-IP Device clusters. Integration to F5 iHealth Support Features: Upload and read detailed health reports of your BIG-IP's under management. Change Management: Evaluate, stage, and deploy configuration changes to BIG-IP. Create snapshots and config restore points and audit historical changes so you know who to blame. 😉 Certificate Management: Deploy, renew, or change SSL certs. Alerts allow you to plan ahead before certificates expire. Role-Based Access Control (RBAC): BIG-IQ controls access to it's managed services with role-based access controls (RBAC). You can create granular controls to create view, edit, and deploy provisioned services. Prebuilt roles within BIG-IQ easily allow multiple IT disciplines access to the areas of expertise they need without over provisioning permissions. Fig. 1 BIG-IQ 5.2 - Device Health Management BIG-IQ centralizes statistics and analytics visibility, extending BIG-IP's AVR engine. BIG-IQ collects and aggregates statistics from BIG-IP devices, locally and in the cloud. View metrics such as transactions per second, client latency, response throughput. You can create RBAC roles so security teams have private access to view DDoS attack mitigations, firewall rules triggered, or WebSafe and MobileSafe management dashboards. The reporting extends across all modules BIG-IQ manages, drastically easing the pane-of-glass view we all appreciate from management applications. For further reading on BIG-IQ please check out the following links: BIG-IQ Centralized Management @ F5.com Getting Started with BIG-IQ @ F5 University DevCentral BIG-IQ BIG-IQ @ Amazon Marketplace
How to make outbound traffic to flow through an F5
Hello, We have an F5 LTM that front our backend middleware server-pair in a HA setup. So F5 serves as a LB that forward incoming traffic to the active one. But we also need the backend server initiated outbound communication session to go through the F5 and carries F5's address as the origin IP. This is needed because we are replacing an existing standalone middleware server with this above F5-HA infrastructure. But we're experiencing some difficulty. What do we need to do to make this above configuration possible?
Email Notification of Certificate Expiration
Hi All, Hope you are doing well! Can you please help me in getting email notification for certificate expiry using BIG -IQ. I have enable the certificate expiration and gave threshold as 30 Days. But it is triggering email for those certificate as well who are having 200+ , 300+ , etc .. days left to expire. Can you please help me to fix this. Regards, ShashankS
What are differences in personality of Bigiq Centralized Management (cm) & Data collection Device (DCD) ?
Hi All, While I was reading about Bigiq, there was mention I have to select one of below mention personality at then time of licensing. Big IQ- Centralized Management (CM) Big IQ Data collection Device (DCD) Can you please refer any documents or kindly describe the major differences?
Problem with HA configuration
Hello everybody, My company system now is located at one Datacenter and now my boss want to split it to two different Datacenters to achieve full redundancy ability for the system (hardware and netwoking)and we can share workload between two Datacenter as well. I have deceiced to extend our VLAN at old Datacenter to new Datacenter via VXLAN with Multicast protocol. I did a LAB with my idea but i have some problems with F5 devices in HA mode(without mirroring state). Please kindly give me some advise. My Lab is look like "topology" attachment. - I run VXLAN via a GRE Tunnel to make it transparent to ISPs and it up and running. - I use VLAN 50 (172.16.1.0/24) for HA purpose to achieve Active/Active mode for a pair of HA devices and also VLAN 200 for Management purpose. You can see the latency on VLAN50, VLAN200 between 2 F5 before config-sync occur as my ping result attachments. https://drive.google.com/open?id=0B1jVb3_KazOfLTVQMU5KaThVV1U https://drive.google.com/open?id=0B1jVb3_KazOfYnpqTV8yWHgzckE https://drive.google.com/open?id=0B1jVb3_KazOfR1huLW93MFJPdEU https://drive.google.com/open?id=0B1jVb3_KazOfSF9VSzBIelczSU0 The problem appear after i create a peer list, device group for two F5s, they never completely perform neighbor. One F5 is always in disconnected mode, the other is always in trust-only mode, please see my "state" attachments. https://drive.google.com/open?id=0B1jVb3_KazOfTTF4b0tuNkIxb0k https://drive.google.com/open?id=0B1jVb3_KazOfSlRtM1dTS0xuV1E When every time i access device management => overview F5 is be hangout and even affect to all the networking performance between to my Switches (network behavior like being flood packet). When i show /var/log/ltm i can see the CMI connection was being flapping may be due to TMM can't perform connect with peer device. I cann't understand what make it happen. https://drive.google.com/open?id=0B1jVb3_KazOfNGhZU0YtWlpYN2s Anyway, my two ASAs can work perfectly on active/active mode. Any advise for me is much appreciated.
