LTM VE
22 Topics

SNI Sites not taking correct certificate.
I have configured one VIP with two certificates: aks.test.com and aks4.test.com. On the SSL profile for aks.test.com I have enabled the SNI feature, and aks.test.com is working fine, taking the correct certificate (aks.test.com). But aks4.test.com has a "not secure" error in the browser and is taking the certificate of aks.test.com. Could someone please help with what the issue could be in this case?

89 Views, 0 likes, 6 Comments

Diameter iRules attachment?
I'm creating iRules for a Diameter message routing virtual server. I can't seem to get the events DIAMETER_INGRESS or DIAMETER_EGRESS to be executed by the iRule. I have the following simple iRule, but I get no log messages in /var/log/ltm when requests are sent.

    when DIAMETER_INGRESS {
        log local0. "diameter ingress event detected"
        # Command code 268 is the one logged below as the EAP request
        if {[DIAMETER::command] == 268} {
            log local0. "diameter eap request detected"
        }
    }
    when DIAMETER_EGRESS {
        log local0. "diameter egress event detected"
        if {[DIAMETER::command] == 268} {
            log local0. "diameter eap egress detected"
        }
    }

I've attached this iRule to the transport profile as well as the VS, but no log messages. The message routing configuration is working fine: I get a request from upstream, which F5 sends downstream, and a response is back upstream. What am I doing wrong?

52 Views, 0 likes, 3 Comments

Log message for exceeding the bandwidth limit (bwc)
Hi, I have created a static bandwidth controller and attached it to a specific route domain. When I was creating more traffic than allowed, I saw that the traffic was capped. So far so good. But unfortunately I didn't get any log messages for exceeding the limit. Should there be log messages for this? If yes, what can I do to see them? Should these messages be in the ltm logs? Thanks a lot, Heiko

21 Views, 0 likes, 1 Comment

SSL forward proxy on VE Lab License possible?
Trying to configure SSL forward proxy functionality as described here: https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-system-ssl-administration/implementing-ssl-forward-proxy-on-a-single-big-ip-system.html

Doing this on a Lab VE and getting the message:

    01260000:2: Profile /Common/clientssl-forward-proxy: Forward Proxy is enabled without a license.

Which makes sense; the "SSL, Forward Proxy" is not in the Lab License. This is also mentioned here (from 2017): Forward explicit SSL proxy server | DevCentral. But then again, this license changed to be part of SSLO and/or SWG, and sometimes things change on the VE lab license. Has anyone encountered the same semi-recently? Any solution found, or a recent statement from F5 that it isn't possible in the VE Lab License?

Solved. 83 Views, 0 likes, 3 Comments

Priority group activation on GTM.
Hello All, I need to configure an active/standby configuration at the GTM pool level: only one VS should be up and the second should be standby; if one VS is down, then traffic should pass to the other VS. I can see there is one option, Minimum-up Members, but I do not know how to use it as priority group activation at the GTM level. If anyone has any article or config suggestion, please share. Many thanks in advance for your time and consideration.

58 Views, 0 likes, 2 Comments

High CPU utilization (100%).
I observed high CPU utilization (100%) on an F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput; both are normal, but I found that management interface throughput is very high, and I noticed this has been happening in the same time period for the last 30 days. What could be the reason for this spike? Many thanks in advance for your time and consideration.

242 Views, 0 likes, 14 Comments

HSTS is not working.
Hi there, we have one iRule configured on a VIP which redirects to a maintenance page if the user accesses the wrong URL. On that page HSTS is not working, but if we access the right URL then HSTS is working. We have enabled HSTS in the HTTP profile, and that is attached to the same VIP as the iRule. Is there any way to enable HSTS on the maintenance page, or any remediation to fix that issue?

    if { $DEBUG } { log local0. "TEST - Source IP address: [IP::client_addr]" }
    switch -glob $uri_ext {
        "/httpfoo*" {set uri_int [string map {"/httpfoo" "/adapter_plain"} $uri_ext]}
        "/httptest*" {set uri_int [string map {"/httptest" "/adapter_plain"} $uri_ext]}
        default {
            # Any other URI gets the maintenance page served from the iFile
            HTTP::respond 200 content [ifile get ifile_service_unavailable_html]
            set OK 0
        }
    }

Many thanks in advance.

Solved. 130 Views, 0 likes, 1 Comment

HA Active/Standby add 2nd Floating IP from a different Vlan
I have 1 HA Active/Standby pair. I am looking to add a second floating IP for management access from our Management VLAN. We are wanting to access the configuration GUI from an internal URL and get to the Active F5 no matter which one is the active F5. Currently we have a floating self IP and a non-floating IP on each of the pairs. What considerations do I need to take to accomplish this? Is this feasible? Do I need to add/change the SNAT pool? Will this affect config-sync or failover?

SNAT pool: internal-snatpool 10.1.20.20

Current setup example:

prd1
    10.1.20.1 - traffic-group-local-only, internal
    10.20.30.213 - traffic-group-local-only, external
    10.20.30.215 - traffic-group-1, external, port lockdown set to None
    192.168.1.22 - traffic-group-local-only, HA

prd2
    10.1.20.2 - traffic-group-local-only, internal
    10.20.30.214 - traffic-group-local-only, external
    10.20.30.215 - traffic-group-1, external, port lockdown set to None
    192.168.1.23 - traffic-group-local-only, HA

Possible setup example:

prd1
    10.1.20.1 - traffic-group-local-only, internal
    10.20.30.213 - traffic-group-local-only, external
    10.30.30.213 - traffic-group-local-only, external
    10.20.30.215 - traffic-group-1, external, port lockdown set to None
    10.30.30.215 - traffic-group-1, external, port lockdown set to default
    192.168.1.22 - traffic-group-local-only, HA

prd2
    10.1.20.2 - traffic-group-local-only, internal
    10.20.30.214 - traffic-group-local-only, external
    10.30.30.214 - traffic-group-local-only, external
    10.20.30.215 - traffic-group-1, external, port lockdown set to None
    10.30.30.215 - traffic-group-1, external, port lockdown set to default
    192.168.1.23 - traffic-group-local-only, HA

119 Views, 0 likes, 5 Comments

Not able to change virtual server traffic group from traffic-group-local-only to traffic-group-1
We have two LTM devices, and I observed that one virtual server is missing on the secondary device. I checked the virtual server configuration on the primary: that virtual server is configured in traffic group traffic-group-local-only. Now I am changing the traffic group, but it is not changing. Is there any way to change it?

Solved. 119 Views, 0 likes, 1 Comment