advanced firewall manager
10 Topics

SMTP iApp Template - Early Release
Problem this snippet solves:
INITIAL RELEASE
Minimum required BIG-IP version: 11.4.0. Supported BIG-IP versions: 11.4.0-12.0
v1.0.0rc1
iApp template for configuring standard load balancing, monitoring, SSL offloading, and TCP optimization for Simple Mail Transfer Protocol (SMTP). The template also supports deploying F5's Advanced Firewall Manager (AFM), when AFM is licensed and provisioned.
v1.0.0rc2
There were no changes to the functionality in this release. Minor changes to clarify some of the questions and answers. Added inline help entries.
v1.0.0rc3
Fixed an issue with the associated cli script that could prevent users from importing iApp templates.
v1.0.0rc4
Fixed an issue with selecting password-protected encryption keys. To use a password-protected encryption key, you must create an SSL profile that uses the key and specify that profile where indicated in the iApp template.
v1.0.0rc5
Fixed an issue with incorrectly formatted external monitor scripts.
v1.0.0rc7
Fixed an issue with monitors utilized in the server-side ssl scenarios; as a result, the openssl eav monitor is used in the 'no msg submitted' monitor scenarios. A fifth monitor option was presented as well to break the 'auth/no msg' option into basic and ntlm so the iApp can use openssl if Basic (auth login) is selected. This release also allows a custom receive string to be specified (advanced must be selected).
v1.0.0rc8
Minor updates and enhancements to the monitor choices.
For the associated deployment guide, see [http://www.f5.com/pdf/deployment-guides/f5-smtp-dg.pdf]
Contributed by: F5
Code : 83126
Tested this on version: 12.0
1.7K Views 0 likes 19 Comments

HTTP iApp - downloadable version
Problem this snippet solves:
This F5 Contributed iApp template is an update to the HTTP iApp that ships by default with the BIG-IP system.
v1.3.0rc1
v1.3.0rc1 of the HTTP template contains no new features or visible changes, but removes a substantial amount of code from the iApp that was included to ease the transition from BIG-IP versions 11.3 to 11.4. 1.3.0rc1 is available in the Release Candidate directory of the iApp package on downloads.f5.com. The associated deployment guide can be found at http://f5.com/pdf/deployment-guides/esd-iapp-http-dg.pdf.
v1.2.0
The officially supported version of http.v1.2.0 has been released to downloads.f5.com in the root HTTP directory. This version contains all of the changes in the Release Candidates. See the README file in that directory for more details. The associated deployment guide can now be found at http://f5.com/pdf/deployment-guides/esd-iapp-http-dg.pdf.
v1.2.0rc5
http.v1.2.0rc5 is available on downloads.f5.com in the RELEASE CANDIDATE directory. This version adds the ability to select and apply any LTM policy present on BIG-IP to the virtual server(s) created by the iApp. This new section only appears in Advanced mode. It also fixes an issue that would result in an error state when trying to deploy the iApp for ASM in BIG-IP versions 12.1 and later. Instructions can be found at http://f5.com/pdf/deployment-guides/rc-iapp-http-dg.pdf
v1.2.0rc4
v1.2.0rc4 of the HTTP iApp is available on downloads.f5.com in the RELEASE CANDIDATE directory. This version contains the ASM fix mentioned in RC3 and also contains a fix with address translation being disabled if the iApp was configured to not use a pool. Instructions can be found at http://f5.com/pdf/deployment-guides/rc-iapp-http-dg.pdf
v1.2.0rc3
v1.2.0rc3 of the HTTP iApp adds the ability to use ASM in the configuration if you are using BIG-IP version 12.0 or later.
The version v1.2.0rc2 that was previously posted on this page did not include this feature, but incorrectly claimed it did.
v1.1.0
v1.1.0 of the HTTP iApp template includes the ability to choose a pre-existing BIG-IP Access Policy Manager (APM) Access Policy, as well as an updated BIG-IP Advanced Firewall Manager (AFM) section. This template was previously named HTTP Backport (most recently f5.http_backport.v1.0.4). This is a new codeshare page to host the f5.http.v1.1.0 template (note that this iApp is unchanged from the version posted on the HTTP backport codeshare page: https://devcentral.f5.com/codeshare/http-backport-a-variation-of-f5http-delivered-with-tmos). New F5 contributed versions of the HTTP template will be posted here.
Code : https://downloads.f5.com/esd/product.jsp?sw=BIG-IP&pro=iApp_Templates
1.8K Views 0 likes 14 Comments

F5 Remote Logging iApp
Problem this snippet solves:
Early Release
This updated version of the Remote Logging iApp template configures basic Remote High-Speed Logging on a BIG-IP system for Network Firewall (BIG-IP AFM) and/or Application Security (BIG-IP ASM). The iApp can create separate logging profiles, or use the same profile for both ASM and AFM. It also now includes the ability to log IP Intelligence events, if the BIG-IP system has an active IP Intelligence license.
Prerequisites
The AFM and/or ASM module must be licensed and provisioned.
Logging servers must be configured to accept messages from the self IP address(es) of the BIG-IP system.
The template supports BIG-IP v11.4 and later.
Code : 46226
387 Views 0 likes 1 Comment

Air Gap Egress Inspection with SSL Intercept iApp Template Release Candidate
Problem this snippet solves:
Note
F5 has released a new F5 supported iApp template (f5.ssl_intercept) that replaces all versions of Air Gap template. Find the template and details on AskF5: https://support.f5.com/kb/en-us/solutions/public/k/75/sol75104042.html
We strongly recommend using the fully supported SSL Intercept iApp instead of any of the Air Gap release candidates.
Initial Release
v1.0.0rc1
iApp template for configuring LTM to decrypt outbound SSL traffic for inspection by a security device, such as an Intrusion Prevention System (IPS). BIG-IP intercepts and decrypts HTTPS client traffic, and forwards it to:
Layer 2 mode: The internal self IP address of the egress BIG-IP. The security device sits between the ingress (client-side) and egress (internet-side) BIG-IPs. Two BIG-IP systems are required for this scenario.
Layer 3 mode: The layer 3 IP address of the security device. The security device must be configured to route outbound traffic to the internal self IP address of the egress BIG-IP. This scenario supports deployment on a single BIG-IP system configured with separate ingress and egress networks, or two BIG-IP systems.
After inspection, the egress BIG-IP re-encrypts the SSL traffic and forwards it to a pool of routers or other devices.
Optional: If the ingress BIG-IP system is running BIG-IP version 11.5.0 or later and has Secure Web Gateway (SWG) provisioned and URL Filtering licensed, users may choose to bypass SSL decryption for selected SWG URL categories.
v1.0.0rc2
This includes all of the functionality from the RC1 template. It adds support for using the network firewall (AFM must be licensed and provisioned) to restrict outbound access to specific networks/addresses. Support for explicit forward proxy is also included.
v1.0.0rc3
Fixed an issue with the associated cli script that could prevent users from importing iApp templates.
v1.0.0rc4
Multiple changes, including:
iApp now supports decrypting HTTPS traffic over any TCP port; previous versions only supported port 443.
A UDP forwarding ingress virtual server is created.
iApp now supports the use of a default route for forwarding of egress traffic.
iApp now supports selecting LTM data groups for bypassing SSL intercept by hostname, source IP address, or destination IP address.
A performance issue was corrected.
v1.0.0rc5
Fixed missing variable error when deploying egress scenario in advanced mode.
Added SNI (Server Name Indication) support.
Minimum required BIG-IP version: 11.4.
You can find the associated deployment guide at Air Gap Egress Inspection with SSL Intercept.
Contributed by: F5
Code : 63696
372 Views 0 likes 2 Comments

Microsoft Dynamics CRM iApp template
Problem this snippet solves:
You can use this F5 supported iApp template to configure availability, encryption, security, proxy authentication, and remote access for Microsoft Dynamics CRM 2011 and 2013 deployments. This template will configure BIG-IP LTM, APM, AAM, and AFM for Dynamics CRM deployments. For instructions on downloading and installing the iApp, see SOL15895. For instructions on using this template and configuring your Microsoft Dynamics CRM 2011 or 2013 environment, refer to the Deploying the F5 Microsoft Dynamics CRM Deployment Guide.
Code : https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15895.html
312 Views 0 likes 2 Comments

HTTP Backport - A variation of f5.http delivered with TMOS
Problem this snippet solves:
v1.0.3
Adds support for attaching a pre-existing ASM policy when deploying on BIG-IP v11.4.0 and later (template supports BIG-IP v11.3 and later).
v1.0.4
Fixes an issue with the associated cli script that could prevent users from importing iApp templates.
v1.1.0
Adds AFM and APM profile selection. Note: there is now a dedicated page for the v1.1.0 iApp template: https://devcentral.f5.com/codeshare/http-iapp-v110
v1.2.0
Contains a fix for users upgrading from the legacy 11.3 variable schema.
Code : 46490,63889,66226
451 Views 0 likes 1 Comment

Data Center Firewall Quick Start iApp template
Problem this snippet solves:
This iApp template is meant to accompany the new Data Center Firewall deployment guide and simplify the initial configuration. This iApp has two related functions.
(1) If you choose, it can apply (enforce or stage) basic global edge-firewall policy to guard all traffic through the BIG-IP.
(2) It can create all of the BIG-IP AFM address, port, icmp, and rule lists described in the F5 Deployment Guide Deploying the BIG-IP Dual-Stack Data Center Firewall With F5 Advanced Firewall Manager customized for your network, plus all of the related network firewall, IP Intelligence, and HTTP protocol security policies.
This iApp can also create the iRules shown in the Deployment Guide plus IP Intelligence feed lists, blacklist categories, and related LTM objects including (if you wish) local white- and blacklists stored in BIG-IP datagroups. You may use these objects as building blocks in your own AFM firewall configuration.
For the deployment guide, see http://www.f5.com/pdf/deployment-guides/f5-data-center-firewall-dg.pdf
Code : 62139
234 Views 0 likes 0 Comments

Microsoft Remote Desktop Gateway servers iApp
Problem this snippet solves:
You can use this F5 supported iApp template for directing traffic and maintaining persistence to Microsoft Remote Desktop Gateway Services. The iApp template enables you to configure the BIG-IP APM to act as a secure HTTP proxy for RDP connections, as well as BIG-IP AFM to provide a sophisticated layer of security for your Remote Desktop Gateway Server deployment. BIG-IP APM can securely proxy RDP connections if using 11.6.0 or later. For instructions on downloading and installing the iApp, see SOL16340. For the associated deployment guide, see http://www.f5.com/pdf/deployment-guides/microsoft-remote-desktop-gateway-dg.pdf.
Code : https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16340.html
245 Views 0 likes 0 Comments

Microsoft Remote Desktop Session Host servers iApp template
Problem this snippet solves:
f5.microsoft_session_host.v1.0.2
This is the fully supported version of the iApp template, now on downloads.f5.com. It contains the fix described in the release candidate below. For the associated deployment guide, see http://www.f5.com/pdf/deployment-guides/microsoft-rds-session-host-dg.pdf
See the Early release page: Previous version
You can use this F5-supported iApp template to help you configure the BIG-IP Local Traffic Manager (LTM) to direct traffic and maintain persistence to Microsoft Remote Desktop Services Session Host servers. You can also use the iApp template for configuring the BIG-IP Advanced Firewall Manager (AFM) to provide a sophisticated layer of security for your Remote Desktop Session Host deployment. Remote Desktop Services enables users to remotely access full Windows desktops, or individual Windows-based applications, on Remote Desktop Session Host computers. In an environment that uses a BIG-IP LTM system, a farm of Remote Desktop Session Host servers has incoming connections distributed in a balanced manner across the members of the farm. For instructions on downloading and installing the template, see SOL16335. For the associated deployment guide, see http://www.f5.com/pdf/deployment-guides/microsoft-rds-session-host-dg.pdf
Code : https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16335.html
288 Views 0 likes 0 Comments

Microsoft Lync Server v1.4.0 iApp Template
Problem this snippet solves:
Posted on 11/19/2014
f5.microsoft_lync_server_2010_2013.v1.4.0rc1
You can use this F5 contributed Release Candidate iApp template for Microsoft Lync Server 2010 and 2013. This version of the iApp template includes the following updates:
The iApp now supports deploying F5's Advanced Firewall Manager (AFM) to secure external Lync Edge and Reverse Proxy services.
The iApp now supports using DNS load balancing for non-HTTP Lync Front End services.
f5.microsoft_lync_server_2010_2013.v1.4.0rc2
This version corrects an issue with TURN via the UDP 3478 virtual server.
f5.microsoft_lync_server_2010_2013.v1.4.0rc3
Fixed an issue with the associated cli script that could prevent users from importing iApp templates.
f5.microsoft_lync_server_2010_2013.v1.4.0rc4
RC-4 contains only a small correction to the iRule produced by the iApp template. The iApp will now always force the FQDN written to lowercase in the iRule, even if the user enters CAPITAL letters.
f5.microsoft_lync_server_2010_2013.v1.4.0rc5
RC-5 attaches a supplemental ICMP monitor to the Edge internal UDP virtual server. See https://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html for more information.
f5.microsoft_lync_server_2010_2013.v1.4.0rc6
RC-6 fixes a security log profile error when deploying on versions of BIG-IP earlier than 11.4, where AFM is not available.
Code : 66668
241 Views 0 likes 0 Comments