Question regarding F5 Viprion Configuration Migration to VE.
Requires suggestion regarding migration process-from F5 Viprion (B2250 /vCMP Guest -LTM Module) to F5 VE (On VMWare) in same datacenter. Both on F5 version 17.1.1 1.Is there any migration guide available , which includes detailed step by step process ? 2.This will be phased migration (few VS at a time ) or all configuration can be moved to VE at once ? 3.What due care needs to be taken before , during & after migration.
cross platform migration issue
Hi, we want to migrate the config from iseries 4K to rseries 5k . The current software version on iseries is 13.x.. I tried to run bigip v15.x on rseries, then export the config from iseries and import it into rseries, but not successful, there were some errors. Can someone please advise how should I do to make the migration successful? Thanks in advance!
TCL error: _cgc_pick_clientside
Hi, in an ASM-LTM (Perimeter) Setup I see frquently the following logs: ***err: tmm3[19962]: 01220001:3: TCL error: _cgc_pick_clientside - unknown cgc sni: f5-bei1.xxxx.xx (line 49) invoked from within "CGC::sni $tls_servername"*** Any idea what this TCL error causes? The clientssl is quite Basic: one certificate chain, no Server Name set. Thanks, Rolf
List all F5 macs?
I'm trying to track down a couple of mac addresses sent to me by the CyberOps team and haven't been able to find them. I've checked our F5s (OUIs are 00:0a:49 and 00:23:e9), but don't see any macs with those. A couple of our test F5s were recently decommissioned, and I'm wondering if the macs may have belonged to one of them. The command I'm using to display the macs on each of our F5s is... tmsh show sys mac-address Does this command return a complete list, or are there some macs it misses? Is there another command I need to use as well? Thanks!Warning while running tmsh load sys config verify
Hello , I ran "tmsh load sys config verify" before code upgrade of an HA having LTM, APM , ASM running on it. No idea about 2 warning shown below. How to fix it before Code Upgrade ? Or with this Warning can I still proceed for Code upgrade ? Validating configuration... /config/bigip_base.conf /config/bigip_user.conf /config/bigip.conf /config/bigip_script.conf There were warnings: /Common/SSl-Debug:28: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected end of arguments;expected argument spec:PROC_SCRIPT"1592 798][proc flowid-gen { # Find the name of this Virtual Server, minus the partition/path. # # Use these for the short VIP name set vipsplit "[split "[virtual name]" /]" set vipname "[lindex $vipsplit end]" # Use this instead for the VIP name including partition path #set vipname [virtual name] # Start an event counter set eventnum 1 # Mark the start time and create a unique ID for this flow set flowtime "[clock clicks]" set flowid "slot[TMM::cmp_group]/tmm[TMM::cmp_unit]-$flowtime" # this return left in iffy state due to no proc calls from flow_init experimentation return "$vipname $flowid $flowtime $eventnum" }] /Common/SSl-Debug:137: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected end of arguments;expected argument spec:PROC_SCRIPT"10855 57][proc test { log -noname "test happened!" }] In profile access (/Common/ActiveSync_App.app/exch), duplicate log destination (/Common/local-db) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher). In profile access (/Common/ActiveSync_App.app/exch), duplicate log destination (/Common/local-syslog) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher). In profile access (/Common/OutlookWebAccess_App.app/exch), duplicate log destination (/Common/local-db) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher). In profile access (/Common/OutlookWebAccess_App.app/exch), duplicate log destination (/Common/local-syslog) is found with configured publishers (/Common/sys-db-access-publisher) and (/Common/sys-db-access-publisher).
Python para Recopilación de Información en F5 BIG-IP
He creado un script de Python que te permite obtener información crucial de tu dispositivo F5 de manera rápida y sencilla. Con él, podrás obtener: 📋 Información del Sistema: Hostname, versión de TMOS, modelo de hardware y número de serie. 🚦 Estado de Alta Disponibilidad (HA) 🌐 Servidores Virtuales: Estado, dirección de destino, disponibilidad y un par de detalles importantes. El script utiliza la librería f5-sdk para conectarse a tu dispositivo F5 BIG-IP y extraer la información relevante. Solo necesitas proporcionar el nombre de usuario y la dirección IP del dispositivo como argumentos. https://github.com/exzo3/virtual-server/tree/main
SNI Sites not taking correct certificate.
I have configured one VIP with two certificate aks.test.com aks4.test.com On SSL profile for aks.test.com i have enabled SNI feature and aks.test.com is working fine taking correct certificate (aks.test.com). but aks4.test.com having not secure error on browser and taking the certificate of (aks.test.com). Could someone please help what could be the issue in this case.PKI PIN works for users from one network, not the other.
We have external users and internal users accessing a virtual server. It's fronted by an APM policy, that asks for the DoD PKI/pin, does an OCSP check, LDAP check, and then sends users on their way to LTM. (there's no SSO, or anything involved) When being load balanced to the application, the end application prompts the users for their PKI/PIN at the app again for access. For the internal network users, this works. For the external network users, their PIN is not being accepted. Is there something I'm missing on the F5 side of things? I even disabled APM for that FQDN through the VS and it still has the same result.
