application delivery
40205 Topics

SSL Bridging and FQDN rewrite Policy
We are trying to deploy a VIP that will do SSL Bridging but also rewrite the fqdn to the server... So Client goes to https://www.example.com and is terminated on the F5 VIP and then sends the traffic on to the server as https://www.myexample.com with the F5 terminating both TLS connections. I have tried several profile combinations, but I see that the traffic is going to the server as the original domain and not being rewritten. If this would be easier to do with an iRule I am ok with that as well but have tried to use more policies than iRules recently.
Thanks, Joe
33 Views, 0 likes, 3 Comments

Cisco TACACS+ Config on ISE LTM Pair
I'm trying to add TACACS+ configuration to my ISE LTMs (v17.1.3). We use Active Directory for authentication. The problem is when I try to create the profile, the "type" dropdown does not show "TACACS+". APM is not provisioned either, not sure if that is needed. I provisioned it on our lab, but no help.
13 Views, 0 likes, 0 Comments

How can I get started with iCall
Hi all. Recently, I want to learn how to use iCall to do some automated operations work, but I haven't seen any comprehensive tutorials about iCall on askf5. Are there any good articles I can refer to for learning? Do I need to systematically learn Tcl first? I still have a question about iCall. What is the difference between using iCall and using shell scripts with scheduled tasks to achieve automated management and configuration of F5?
Best Regards
86 Views, 0 likes, 1 Comment

Could not communicate with the system. Try to reload page.
I am trying to check for live updates of attack signatures in F5, but I am getting a message. In passive devices, the signature list does not display — it keeps loading and never shows the updated signatures. Has the destination or location of the signature updates changed in version 17?
67 Views, 0 likes, 3 Comments

Not seeing the latest F5OS-A when running Journeys
Hello, we're looking at the Journeys migration tool for migrating from the i-series F5 to the r-series F5 and, when running this utility in the off-mode, the latest F5OS-A that is presented to us is 1.5.0 as opposed to 1.8.0. Is this a bug in Journeys or has something to do with the fact we're running it in the off-mode? Thanks.
81 Views, 0 likes, 1 Comment

iRule to statically assign IP to user
Hi all, We are trying to create a new rule to assign static ip to VIP users when APM session is started. Our first approach is to get session.logon.last.username to a variable, create an array with login id's and ip address for each one, and then find user login in the array to get the ip address value we have:

when ACCESS_SESSION_STARTED {
    # get user from APM session
    set usuario_login [ACCESS::session data get "session.logon.last.username"]
    # users <-> IP list
    array set ips_estaticas {
        "usr1" "XXX.XXX.XXX.XXX"
        "usr2" "YYY.YYY.YYY.YYY"
        "usrN" "ZZZ.ZZZ.ZZZ.ZZZ"
    }
}

How could we look for the user in the array to get the IP? Thanks a lot
Andres
93 Views, 0 likes, 4 Comments

DNS Traffic from floating IP to public IP of a VIP
Hello, I've seen in our Firewall Log udp/53 traffic from the floating IP of an F5 Cluster to the public IP of a Web-Portal behind a VIP, exactly the internal VIP, the public IP is natted on the Firewall to the vip (with an ASM Policy attached). We've configured our internal DNS Server under System -> Configuration -> DNS. I've got no idea how this traffic is originated. Any hints? Thank you
Solved, 51 Views, 0 likes, 3 Comments

Putting new and updated signature in staging
Hi, I have some questions about the mechanism in ASM (version 12.x) in updating attack signatures to: put newly added attack signatures in staging, AND put updated/modified existing signatures in staging. I know that to achieve this, I need to check the "Place updated signatures in staging" in Security >> Application Security >> Policy Building >> Learning and Blocking Settings. But do we need to check "Enable Signature Staging" (the option just on top of it)? Reading some past answers to similar questions, it was suggested to enable signature staging first before updating. Won't this option put all signatures in staging instead of just the new/updated ones? Thanks!
250 Views, 0 likes, 2 Comments

BIG-IP VE: 40G Throughput from 4x10G physical NICs
Hello F5 Community, I'm designing a BIG-IP VE deployment and need to achieve 40G throughput from 4x10G physical NICs. After extensive research (including reading K97995640), I've created this flowchart to summarize the options. Can you verify if this understanding is correct?

**My Environment:**
- Physical server: 4x10G NICs
- ESXi 7.0
- BIG-IP VE (Performance LTM license)
- Goal: Maximize throughput for data plane

**Research Findings:**
From F5 K97995640: "Trunking is supported on BIG-IP VE... intended to be used with SR-IOV interfaces but not with the default vmxnet3 driver.

            [Need 40G to F5 VE]
        ┌───────────┴───────────┐
        │                       │
  [F5 controls]          [ESXi controls]
  (F5 does LACP)         (ESXi does LACP)
        │                       │
   Only SR-IOV           Link Aggregation
        │                       │
    ┌───┴───┐              ┌────┴────┐
    │40G per│              │ 40G agg │
    │ flow  │              │10G/flow │
    └───────┘              └─────────┘

85 Views, 0 likes, 4 Comments

Error While Adding Peer Devices to Local Trust Domain
Hello, I am attempting to create a DSC between two 12.1.5.3 VEs using the KB https://support.f5.com/csp/article/K13639. I execute the following command to add the peer devices to the local trust domain:

    modify /cm trust-domain /Common/Root ca-devices add { SECOND_MANAGEMENT_IP_REDACTED } name SECOND_HOSTNAME_REDACTED username admin password SECOND_PASSWORD_REDACTED

For some reason, when executed, I receive the following error:

    std exception: ([xmlHelpers.cpp:90 getXPathValue] expected 1 node for //faultstring, got 0), exiting...

I receive the same error when processing the command through the TMUI as well. Self IPs in question are both configured as /30 (192.168.3.1 and 192.168.3.2), and 192.168.3.1 is locked to allow udp:1026 only where 192.168.3.2 also temporarily has tcp:443 allowed in addition as this is required for this step. I have tried setting both Self IPs to Allow Default to see if that was the issue, and it is not. I have also attempted to use an incorrect password, and receive a 'std exception: (iControl authorization failed), exiting...' error, so I know it is not an authentication issue. Any thoughts? Thanks!
Solved, 1.9K Views, 0 likes, 2 Comments