AMQP Cleartext Authentication
Description The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear. Solution Disable cleartext authentication mechanisms in the AMQP configuration in ubuntu or centos machines disable unencrypted access in the configuration file. >> unencrypted" here refers to client connections. https://www.rabbitmq.com/ssl.html Steps of disabling the AMQP: https://liquidwarelabs.zendesk.com/hc/en-us/articles/360019562832-Disable-cleartext-authentication-option-in-RabbitMQ The above link used for windows vulnerability. Please help in getting resolution for Centos or Ubuntu configuration file.
How to make outbound traffic to flow through an F5
Hello, We have an F5 LTM that front our backend middleware server-pair in a HA setup. So F5 serves as a LB that forward incoming traffic to the active one. But we also need the backend server initiated outbound communication session to go through the F5 and carries F5's address as the origin IP. This is needed because we are replacing an existing standalone middleware server with this above F5-HA infrastructure. But we're experiencing some difficulty. What do we need to do to make this above configuration possible?
Email Notification of Certificate Expiration
Hi All, Hope you are doing well! Can you please help me in getting email notification for certificate expiry using BIG -IQ. I have enable the certificate expiration and gave threshold as 30 Days. But it is triggering email for those certificate as well who are having 200+ , 300+ , etc .. days left to expire. Can you please help me to fix this. Regards, ShashankS
Problem with HA configuration
Hello everybody, My company system now is located at one Datacenter and now my boss want to split it to two different Datacenters to achieve full redundancy ability for the system (hardware and netwoking)and we can share workload between two Datacenter as well. I have deceiced to extend our VLAN at old Datacenter to new Datacenter via VXLAN with Multicast protocol. I did a LAB with my idea but i have some problems with F5 devices in HA mode(without mirroring state). Please kindly give me some advise. My Lab is look like "topology" attachment. - I run VXLAN via a GRE Tunnel to make it transparent to ISPs and it up and running. - I use VLAN 50 (172.16.1.0/24) for HA purpose to achieve Active/Active mode for a pair of HA devices and also VLAN 200 for Management purpose. You can see the latency on VLAN50, VLAN200 between 2 F5 before config-sync occur as my ping result attachments. https://drive.google.com/open?id=0B1jVb3_KazOfLTVQMU5KaThVV1U https://drive.google.com/open?id=0B1jVb3_KazOfYnpqTV8yWHgzckE https://drive.google.com/open?id=0B1jVb3_KazOfR1huLW93MFJPdEU https://drive.google.com/open?id=0B1jVb3_KazOfSF9VSzBIelczSU0 The problem appear after i create a peer list, device group for two F5s, they never completely perform neighbor. One F5 is always in disconnected mode, the other is always in trust-only mode, please see my "state" attachments. https://drive.google.com/open?id=0B1jVb3_KazOfTTF4b0tuNkIxb0k https://drive.google.com/open?id=0B1jVb3_KazOfSlRtM1dTS0xuV1E When every time i access device management => overview F5 is be hangout and even affect to all the networking performance between to my Switches (network behavior like being flood packet). When i show /var/log/ltm i can see the CMI connection was being flapping may be due to TMM can't perform connect with peer device. I cann't understand what make it happen. https://drive.google.com/open?id=0B1jVb3_KazOfNGhZU0YtWlpYN2s Anyway, my two ASAs can work perfectly on active/active mode. Any advise for me is much appreciated.
What are differences in personality of Bigiq Centralized Management (cm) & Data collection Device (DCD) ?
Hi All, While I was reading about Bigiq, there was mention I have to select one of below mention personality at then time of licensing. Big IQ- Centralized Management (CM) Big IQ Data collection Device (DCD) Can you please refer any documents or kindly describe the major differences?
F5 Specific Module Access based on Role
Hi Team, We know this is possible in Big-IQ. Below requirement is to achieve it without Big-IQ and directly in the Big-IP. Is it possible without Big-IQ ? Admin-A (Group of Admins) should have access only to LTM, DNS and System Management can do any admin activities and analysis. Admin-B (Group of Admins) should have access only to APM, AFM, ASM/WAF can do any admin activities and analysis. Super Admin: Should have all access. Also, please let me know if these requirements can be achieved only in Big-IQ what more granular level of control Big-IQ can provide.
Can we use BIG IQ Management IP to establish HA
Hi, We have two BIG IQ Enterprise manager, one in each DC. Both the DCs have their own exclusive IP subnets. can we establish HA between these two BIG IQ Enterprise Manager using their Management IPs? Note: Management IP will be in different subnet for each BIG IQ Manager.
