Identify which virtual servers are using a specific SSL certificate
We use a wildcard SSL certificate for our QA sites. There are many of them. I am renewing the SSL cert but have no idea which Virtuals are using it. Is there an easy way to determine this other than checking each and every virtual, listing the Client-ssl profile and then looking up the profile to see what certificate is being used?
Install rpm packages using tmsh
Hi everyone, I’m trying to install the F5 Cloud Failover Extension (CFE) on my BIG-IP system, but I’m struggling to properly install the RPM package so that it appears under iApps → Package Management LX. Here’s what I have done so far: Successfully downloaded f5-cloud-failover-2.1.3-3.noarch.rpm Tried installing the package using rpm -ivh f5-cloud-failover-2.1.3-3.noarch.rpm. Restarted the REST API service using tmsh restart sys service restjavad. Despite these steps, the package does not appear under iApps → Package Management LX Also when I reinstall the package I get "package f5-cloud-failover-2.1.3-3.noarch is already installed" Is there a specific command to install RPM packages via TMSH so they are properly recognized? Or is there another step required to make the extension available? Thanks in advance for any insights!
View NAT / SNAT Sessions
Hi, I have recently enabled an SNAT in an iRule: switch -exact -- "1" [IP::addr [getfield [IP::client_addr] "%" "1"] equals 10.80.0.0/16] { snat automap } and I am trying to work out how many sessions are being SNAT'd as a result of this change. Issuing the commands: sho ltm nat sho ltm snat sho sys connection cs-client-addr 10.80.0.202 etc are not giving me any results. I am not so much interested in the details of the sessions, just totals so I can verify that I'm not exceeding the 64k limit but obviously doing something wrong. Thanks James
Remote User Management - LDAP Client Cert
Has anyone successfully deployed LDAP using client cert authentication to the BIG-IP TMUI? I see the guide though it is not very intuitive so I was curious if anyone would be willing to share their configuration? From what I hear, there have been bugs prior to 13.1 which have now been resolved to allow this capability. Thanks! https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-user-account-administration-13-1-0/5.html
How to modify client-ssl on multiple VS using TMSH
Hi, I was able to get the list of virtual servers using cert1 for example by list and grep. Now, I want to use TMSH to use the CLI in replacing client-ssl cert1 to cert2. If I have like 50 VS, how to do that using modify on TMSH? If I do modify /ltm virtual VSname profile add SSLname context clientside, im getting this error: "vs has more than one clientssl/serverssl profile with same server name" If I do delete, im getting this error: "Syntax Error: "context" is a read-only property" If I do replace-all-with, cert2 is configured but wipes all other profiles and i don't want to put alot of config to reconfigure all profiles in a VS. Is there a 1 line command I can do? TIASupported way to use MFA to BIG-IP GUI and shell
I have read on DevCentral various mechanisms to implement 2FA (MFA) using APM and even some packages to change the PAM and implement this on the SSH shell. Are there any supported mechanisms to protect the BIG-IP Web interface via multi-factor? Even if one had the APM, can it be turned around to control the BIG-IP GUI itself? Also, what about SSH access? I am curious if others have solved this issue. It is surprising to me that at least the GUI does not have a native MFA solution to basic administration. Thanks, Tom
