announcement
90 TopicsProblem with self-signed certificate
We have a self-signed certificate on a Back End server. However, this certificate is not secure. I need F5 to ignore the untrusted certificate and apply a certificate that I configured in the SSL profile. I've done several tests, but without success.49Views0likes7CommentsHow are memory and disk allocated to different modules on bigip appliance?
hi, when doing "Resource Provisioning", the memory and disk space are auto allocated to LTM and ASM are shown as below. The amount of Memory and disk is minimum requirement, right? When a huge number of virtual server will be created later, will appliance auto allocate more spare memory and disk to the module? And what is he management module responsible for? Is it responsible for packet forwarding? should we set "Provisioning" to "Medium" or "Large" if the throughput is larger than 1Gbps? Can someone please advise? thanks in advance!64Views0likes7CommentsWhat is the best practice to deploy single Tenant in F5 rseries?
Hi, we are going to deploy new rseries 5k with single Tenant. What is the best practice to setup? I plan to setup like below, can someone please advise whether it is correct or not? And I have question on auto disk space and memory allocation. Thanks in advance! Allocate all the disk space to this large single tenant Allocate all the memory to this single tenant within the tenant, set "Large" to "Mgmt" module for the rest modules: LTM, GTM , ASM , set "Normal" under Resource Provisioning". Seems the system automatically allocate disk space and memory to each module. Based on the amount of disk space and memory allocated to these modules, seems there are still a lot spare diskspace and memory. Will these modules automatically share the rest spare diskspace and memory when necessary?14Views0likes0CommentsAny issue if setting up LTM and GTM/DNS on the same F5 Appliance Cluster?
Hi, we have a pair of F5 appliance, and plan to setup HA cluster. After HA configuration and both appliance in sync, LTM works well as active/standby mode as expected GTM delivery listener is active on active F5 appliance as expected, the dns queries are routed to the active appliance GTM wild-ip pool members are shown "down" state on Standby appliance. The status of Data Center/Links are also shown "down" on the Standby appliance. Is it normal? Both F5 appliances are configured under the same GTM sync-group with different external physical links. Can someone please advise? Thanks in advance!14Views0likes0Commentssome questions on device Trust Certificate?
hi, I have two questions on device trust certificates (client cert). why there are duplicate certificates on Device Trust Certificate list? I saw duplicate gtm device certificates in LTM devices. is it true that only gtm device certificate is sent to ltm device, and reverse "no" -- no ltm device certificate in gtm Device Trust Certificate list? I checked out gtm and ltm devices for our different regions, no ltm device certificate is on any gtm Device Trust Certificate list. Can someone please help advise, thanks in advance!Solved50Views0likes5CommentsWhat is the best practice for migrating from iseries to rseries?
hi ,we plan to migrate to new r-series F5 (v15.1.x) from i-series legacy appliance v13.x.x. We will create the same vlans and IP address config, but the physical interfaces will be different. The new r-series appliance is already licensed. What is the best practice for this migration? option1: import the whole UCS file to new r-series appliance. after importing the ucs to new appliance, what are the next steps to complete the whole migration? option2: copy the config for every module, for example to copy ltm config first, then gtm, final AFW ...... can someone please advise, thanks in advance!175Views0likes8Commentswhy the device certificate verify failed when the device certificate is not expired?
hi, we have some GTM/DNS devices. One of them - DSN01 is shown down, but the error message is shown as below. SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278) the device certificate of DNS01 is still not expired. And can ping DNS01 external physical interface IP from other DNS nodes. On DNS01, other DNS nodes are shown online. Can someone please advise what the possible cause is? Can restarting big3d on DNS01 to resolve the issue? Thanks in advance!Solved149Views0likes8CommentsBIG IP Link failover happen but i try to link fallback
I have used LTM-DNS with AFM on BIG IP. For Internet outgoing I used wildcard VS link failover happens when wan1 is down it goes to wan2 but I want to link fallback when WAN1 comes up again. We noticed that when one link (WAN1) goes down, traffic shifts to the other link (WAN2) as expected. However, when the WAN1 link comes back up, traffic does not automatically route back to it. To move traffic back to WAN1, we need to disable the WAN2 link manually or physically remove it. Thanks Prasad81Views0likes7CommentsAPM Portal request to change password if the password expired
Hello all, I have a portal access on the APM, we trying to add something if the AD password of the user expired, when he put it the portal ask him to put new one, and the new one sync with the AD, something like below, any ides ? note: we have Fortiauth as the radius server, and the groups all imported from the AD.56Views0likes1Comment