High CPU utilization (100%).
I observed high CPU utilization (100%) on F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput both are normal but found management interface throughput is very high and what i noticed this is happening in same time period for last 30 days. What could be the reason for this spike. Many thanks in advanced for your time and consideration.
automatic learning logs/report ?
Hello, My client has no other solution but to implement automatic learning for a new website where the owners won't help the team in understanding the application. On another side, security team wants to have information on what was changed and when by the automatic learning policy. I've come to article https://my.f5.com/manage/s/article/K58082590 that uses API to retrieve the list of learning suggestions for a given policy, but I'm not sure it will give me the information I need for automatic policy. Since suggestions that reach 100% are learned, I imagine the suggestion disappear as soon as 100% score is reached and the API will return nothing if the suggestion has already been learned. Is there a better way to get this report ? I'm ok with SIEM, syslog, API, or maybe an iCall ? To start with, I couldn't find the info in audit logs or in asm logs. some pieces of info are found in Webui : Security > application Security > audit > logs. But how to export this ?
Migration from physical Hardware to R series
I have a physical hardware box 4000s in which there are 4 X 1 gig interfaces in a trunk. In new r series device r4600 we have trunk with two 25 gig interfaces. Can I copy the UCS from old device and load it on the new device using no license no platform check command ? Anyone has done this type of migration, please let me know the steps you followed.
Irule for Host block with custom ASM violation
Dears, I have following scenarios, 1. if Traffic from Internal user/IP --- >Allow connection 2. Traffic from internet 2.1) Block access only on Host name ( URL ), That is -----> https://XYZ.com 2.2) Allow access to URI's, Thats is ------- > https://XYZ.com/abc or https://XYZ.com/* I tried multiple way and find some solution but its not working. Its great if some one helps here when HTTP_REQUEST { set reqBlock 0 if {[string tolower [HTTP::host]] eq "XYZ.Google.com" && [IP::addr [IP::client_addr] equals "10.0.0.0/8"]} { log local0. "[IP::client_addr] triggered geo" set reqBlock 1 } } when ASM_REQUEST_DONE { if {$reqBlock == 1} { ASM::raise VIOLATION_URL_GEOLOCATION } }F5 ASM Response logging show different timezone from Request logging
Dear All Respected Members, I have a question on f5 AWAF response logging. I am setting up a WAF policy to block attacks and monitor all traffic to and from the real servers. I can see the logs generated for both request & response, but it shown incorrect log timezone for responses. BIG-IP, real server and client are set local time zone GMT+7, but the repone logs are GMT. I have double checked timezone on all devices are configure correctly. Could you advise me what is the root cause and how to fix it? Thanks.
HA Configuration (One in primary and One in DR)
Hi folks, I currently have HA pair (active/passive) in a primary data center and we are bringing up a DR. wondering can I split up the HA pair (One in primary and One in DR) and continue to have HA with utilizing different subnets? We are using multiple IPSEC tunnels to connect the sites so we are still working on whether we can extend subnets but if we can't I wanted to ask if different subnets are possible. Thank you any info is appreciated