Issue on license renewal
Hello Dears, I got this reply from the F5 team regarding licenses for two F5 boxes:

Sometimes, there are special circumstances when our customers will ask to have add on modules/ add on keys retired. Usually this is from applying the same type of key twice to the same unit on accident, or applying it to the wrong unit overall on accident. When this has occurred, we are here to help out with retiring them and getting a new 0$ order processed for the key or keys, that were misapplied. However, there is a time limit on when this can be done. Retirement can only be achieved within a 2 to 3 week period when it was originally applied or the request will be rejected by our IT department.

We cannot just move add on keys around because our customer wants us to, this is in the EULA when you activate the license. In order to move an add on module you need to have a legitimate issue with the add on key, i.e. you activated two of the same add on keys on the same device, but it still has to be within that timeframe.

We can start the process to retire the add ons key. To better assist you, please share with us a list of specific add on keys that needs to be retired. If your request is rejected, we will need to forward your request to our Sales support team to explore what other options you may have to get this resolved from a sales aspect such as purchasing new keys, what else can be done, terms of the EULA, etc.

We encourage you to follow the steps in article K34948229: Add-on license keys can only be activated on one device.
https://support.f5.com/csp/article/K34948229

Rafael Fernandez | Tech support coordinator II

Could anyone explain more to me?

Best Regards

iRule cookie persistence and pool redirect
Hi all, based on the setup below... When Pool A/NodeA1 goes down, we expect URI /beta/ requests to be sent to Pool B, as nodeA2 can't accept URI /beta/ requests. However, when Pool A/NodeA1 goes down, we see the LTM sending URI /beta/ requests to Pool A/nodeA2. F5 support said cookies have precedence over iRule and the cookie will try to honor its persistence, hence why traffic is still being sent to Pool A / nodeA2 (A1 is down at that point).

Strangely, in the lab I have a different behavior from the LTM. Whether it's a new or a subsequent request, the source_addr persistence record will show the connection for 3 mins (default timeout value). During that time, pressing F5 and CTRL-F5 will force the client's browser to reinitiate the communication. When I reinitiate, despite having previously received a cookie for Pool A / nodeA1, I also get a new cookie for Pool B / node B1 and connect to node B1 successfully. That behavior is what I'm expecting in production, but that's not the case.

Should I be adding more to the iRule, in order to manipulate the cookies, or any suggestions of what can be at cause?

SETUP

LTM contains:
- cookie persistence with fallback source_addr
- Pool A with member nodeA1 (priority 15) & nodeA2 (priority 5); with min-active 1
- Pool B with member NodeB1 only

nodeA1 = 10.10.10.1
nodeA2 = 10.10.10.2
nodeB1 = 10.20.20.21

And an iRule that should mainly redirect like this:

    if { PoolA/nodeA1 is down + URI equal "/beta/"} {
        then send it to Pool B
    } else {
        send it to Pool A
    }

Here is the iRule:

    when HTTP_REQUEST {
        set sslex 0
        if { ([string tolower [HTTP::uri]] starts_with "/beta/") && ([LB::status pool Alpha-Pool member 10.10.10.1 443] eq "down") } {
            set sslex 1
            set sni_value "betaServer.lab.com"
            HTTP::header replace Host "betaServer.lab.com"
            set uri [string map -nocase {"/beta /" "/"} [HTTP::uri]]
            HTTP::uri $uri
            pool Beta-Pool
        } else {
            set sslex 0
            set sni_value "lab.com"
            pool Alpha-Pool
        }
    }

    when SERVERSSL_CLIENTHELLO_SEND {
        # SNI extension record as defined in RFC 3546/3.1
        # https://support.f5.com/csp/article/K41600007
        if { $sslex > 0 } {
            SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value]
        }
    }

redirect not working
I have the below scenario, which works without the redirect if statement. When I add the if statement for the URI redirect, I get a reset.

    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/" } {
            HTTP::redirect /testpage
        }
        #log local0. "Active members is [active_members pool1]"
        if { [active_members pool1] == 0 } {
            if { ( ( [class match [IP::client_addr] eq "whitelist"] ) && ( [active_members pool2 ] > 0 ) ) } {
                pool pool2
            } else {
                HTTP::respond 503 content [ifile get "applicationdown.html"]
            }
        }
    }

Reliable resources for identifying IP addresses
Hello! I'm a project manager responsible for the WAF implementation in my organization. Aside from overseeing the implementation, I'm in the trenches, so to speak, with the everyday care and feeding of WAF, which is likely unusual for a project manager. 😃

Our systems administrators have set up our WAF logs so that they are logged in Splunk and Oracle. I have created numerous reports, dashboards, and alerts that Splunk uses against a lookup table that I built to identify the IP address owners. This is manually built and maintained by myself in Excel and was started with IP records provided by two of our business owners for educational institutions that use their services. The Excel spreadsheet is over 100K lines and I look up IPs using ARIN as part of growing this IP table. This is cumbersome to say the least.

My manager wants to move more of our WAF reporting to an Apex tool that one of our application developers built. This renders my Splunk lookup table useless. What resources are others in the community using to identify IP addresses? The application developer responsible for the Apex application would like something available via API.

I began the effort to identify IP addresses to help with our tuning and remediation efforts. We look more kindly upon infractions from educational institutions than traffic from a bot source. We will do post production tuning against a policy if one of our business owners reports a block on behalf of an end user. The IP identification helps with this process. Our WAF administrator is extremely cautious, which I respect because we need to protect our infrastructure, but our processes for remediation and tuning are quite tedious.

Thank you in advance for any resources you can provide!

Jodi

minimum tmos software version for connect CIS (openshift)
Hi, I need your help. I am looking for the minimum TMOS software version to connect CIS (OpenShift). I can't find any documents related to this topic. Please let me know if you know or have some documents, or if a software version is not needed to connect CIS (OpenShift). Thank you

security patch release
I tried to install a new fix release, but when I choose install configuration, no volume is displayed in source volume. Why? What do I have to check? Example as below:

Boot Location: HD1.3 >> HD1.4
Product Version: 15.1.9.1 >> 15.1.10.4
Build: 0.0.5 >> 0.0.5

API feed for WAF Attack Signatures
Hi again! This is my 3rd question post today and I'll try to make it my last for today. 😄 I'm a project manager responsible for our WAF implementation and I'm more involved in WAF care and feeding than a project manager should be.

Is there an API feed available for WAF attack signatures, both current and staged?

Our WAF logs are fed into Splunk and Oracle. In Splunk, I built an Excel spreadsheet that I use as a lookup table that has current and staged attack signatures. I had help pulling the JSON feed from the F5 attack signatures database. I have to manually add to this file, as I suspect our logging activity is causing additional characters such as percent signs to show up in the sig_ids field for my Splunk reports.

As mentioned in one of my other posts, my manager wants to move over to an Apex application that one of the application developers on our WAF team has been building. The goal is to allow our business owners to authenticate and view WAF related reports that we develop for their organization. If we move to Apex, this renders the Splunk lookup table I've built and maintain useless; thus, I'm on a hunt for an API.

If anyone has suggestions for staged attack signature management, I'll take those as well. I was told that I should monitor them, which I am, but our tuning and remediation processes are so tedious that I'm not sure how to work in yet another meeting to review and discuss staged attack signatures. 😒

Thank you!

Jodi