F5 DNS Generic Host
I am trying to create a few generic hosts for a POC, but having issues with them being monitor failed. I created a new server named RANCHER-POC-11 and gave it an ip address of 10.4.65.11, this has a monitor of https assigned to it. I then created a virtual server with the same ip address and port 443 as well as the https monitor. The Server and Virtual Servers are both red triangles. I performed a packet capture and I don't see that the gtm is even attempting to monitor. I put a specific route in the network and pointed to the GW and now if I initiate a connection from the CLI I see logs in our monitoring but only if I do the connection manually. This is the first generic host we have tried to deploy as the rest of the virtual servers/pools are pulled from the LTM's and this service is not behind the LTM. Any suggestions would be appreciated. Thanks, Joe
Kerberos Auth is not working after keytab file -
Hi all , After we upload a new keytab file , the services are used kerberos authtication does not work ? any idea help ? i have already check all https://community.f5.com/discussions/technicalforum/f5-apm-aes256-in-keytab-for-kerb-auth-failed/321569 https://my.f5.com/manage/s/article/K01716018#CreateKeytabKtpass K24065228: Troubleshooting issues with BIG-IP APM Kerberos end-user logon authentication https://my.f5.com/manage/s/article/K24065228 https://my.f5.com/manage/s/article/K24065228#VerifyEncryption K73872229: Configure BIG-IP APM KDC validation in AD authentication https://my.f5.com/manage/s/article/K73872229 K01716018: Configuring Kerberos end-user logon authentication for multiple applications by merging keytab files https://my.f5.com/manage/s/article/K01716018 https://my.f5.com/manage/s/article/K24065228 K17371: BIG-IP APM may fail to authenticate when Kerberos AAA servers have different keytab files https://my.f5.com/manage/s/article/K17371 https://my.f5.com/manage/s/article/K000130298 https://my.f5.com/manage/s/article/K18315582Http / https health monitor issue
I tried to create https health monitor , but it is not worked curl -v https://d-p-m-d.bms.rome.com:10221/login StatusCode : 200 StatusDescription : Content : <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" > <link rel="stylesheet" href="css/material-components-web-3.0.0.min.css" /> <link rel="stylesheet" href="css/auth-shared.css" /> <link rel="... RawContent : HTTP/1.1 200 Set-Cookie: XSRF-TOKEN=a00fgfhjjffa-efc7-4ahjj9-bahhgf-1099ccgf21ghgcdd2; Path=/; Secure,locale=en; Path=/ X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Strict-Transport-Securit... Forms : {login-form} as a send string GET /login HTTP/1.1\r\nHost: d-p-m-d.bms.rome.com:10221\r\nConnection: Close\r\n\r\n receive string HTTP/1.1 200How do I create a traffic log for two different route domains?
I have two route domains on F5, EEE domain receives incoming traffic form external , accourding to policy send the traffic internal III domain - virtual server with an APM profile on it. I want to log this traffic. Domain EEE has virtual server E_vs --policy-->|| III domain I_vs- APM
How to Renew F5 Device Certificate
Hi Team , We have self-signed device certificate which is going to expire soon. Can you please let me know if I can click on renew and update the expiry date ? Please let me know the correct procedure to renew the device certificate . System ›› Certificate Management : Device Certificate Management : Device Certificate ›› server.crt
Big-IP not recognized by Big-IQ
Dear Techs, I'm in a strange situation where I'm supposed to add both F5 Big-IP with Big-IQ. Both Big-IP and Big-IQ are in same subnet, so firewall isn't a question. The Big-IP are in HA. I've successfully added the Standby unit with Big-IQ without any issues while adding the Active unit I'm getting below error message : The device <Big-IP-Management-IP> (null) is not a Big-IP device. I've added a total of 7 devices successfully, using the same procedure, same authentication. Any help with be greatly appreciated. Big IQ version : 8.0.0 Big-IP version : 14.1.4 thank you
LTM Rule, iRule, or Brute Force Configuration to Limit URL Access
Hi, One of the applications integrated with BIG-IP has a specific requirement, as detailed below: URLs under the subdomain https://fduat.fed.com need to limit access to only 10 times per day for each IP. Kindly check the feasibility and provide feedback. The URLs are as follows: /kyc-details/details /kyc-details/personal-detail /kyc-details/review-details /payment-details /vkyc /vkyc/success /summary /payment-details/payment Please confirm whether this requirement can be achieved using a Brute Force configuration, LTM rule, or iRule.