Guest Role User Lost Visibility in ASM/WAF Module – LTM Working Fine
Hi community, I'm troubleshooting a strange issue on our F5 BIG-IP and hoping someone has run into this before. Environment: - Module: ASM (WAF) - User Role: Guest - Partition Access: All Partitions Problem: A user with the Guest role and access to all partitions suddenly lost the ability to view any information in the ASM module. When navigating to Security > Application Security > Policies, the table shows "No records to display" — even though policies exist and are active and viewable from other non-guest accounts. The strange part: LTM is working perfectly fine for this user. They can view virtual servers, pools, nodes, etc. without any issue. The problem is isolated to ASM only. Any pointers would be greatly appreciated. Happy to share outputs if needed. Thanks!Problem with sending BotDefense logs to remote server
Hi, I have a question about sending logs to a remote log-management server. When I want to create a bot defense logging profile, it doesn't offer me a remote server in the config menu, but only a local storage, am I doing something wrong? I'm already using a remote server for ASM.. thank you for any advice ===================== I set the same for ASM and the option is already there - I use it fine Bot Defense - creating new Logging Profile ..to see that the option to select a defined Remote Publisher location is missing
Bigip Restoration From Hardware to VM
Hi All, I wanted to know about the prerequisites and the proper steps to do the restoration test from an F5 r2600 Device to an F5 Bigip VM. So I have tried it and it comes with multiple errors 2026 Mar 17 18:10:15 Hostname.COM logger[3452]: Re-starting named Reloading License and configuration - this may take a few minutes... Broadcast message from systemd-journald@Hostname.COM (Tue 2026-03-17 18:10:21 IST): load_config_files[4013]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure Unexpected Error: Loading configuration process failed. 2026 Mar 17 18:10:21 Hostname.COM load_config_files[4013]: "/usr/bin/tmsh -n -g -a load sys config partitions all " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure Broadcast message from systemd-journald@Hostname.COM (Tue 2026-03-17 18:10:21 IST): load_config_files[4542]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure Unexpected Error: Loading configuration process failed. 2026 Mar 17 18:10:21 Hostname.COM load_config_files[4542]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure Configuration loading error: base-config-load-failed For additional details, please see messages in /var/log/ltm Is it all coming due to a mismatch of the Master Key or something? Both devices are in the same version, and I also verified the resource provisioning. I wanted to know the reason for this and also the proper steps to test restoration from F5 hardware to VM. SME's Kindly help me on this..
After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs
After upgrading from PeopleTools 8.59.09 to 8.61.11 F5 APM is not rewriting all the internal urls for PeopleSoft Portal Application that also has Home page tiles from HRMS 9.2. Clicking on these tiles takes us to Internal URL instead of F5 externally resolvable url. How to troubleshoot this. I have a case opened with F5 support, but interested in any one else using F5 APM for peoplesoft and seeing similar error.Terraform AS3 code for GTM Only.
Hello All, I am really really suffering here :( Have been looking for GTM ONLY code in AS3 form, need a simple code hardcoded values will also work. I have seen documentation and couldn't see exact use case. We are doing POC for where VMs are direct;y added to GTM and NO LTM component are there. I can't post my LTM + GTM code as its in office. Would really appreciate any help and guidance here. Any simple code work snippet using only AS3 please.
expandsSubcollections and filtering in F5 SDK
Hello, I need to use the F5 BIGIP SDK to pull all the firewall policies from a partition along with their respective expanded rules. I wrote the following code: policies = f5_manager.mgmt.tm.security.firewall.policy_s.get_collection( requests_params={ "params": f"$filter=partition eq {partition_name}&expandSubcollections=true" }, ) If i only want to use expandSubcollections=true or only the filter it works as expected. However, when I try to combine them it doesn't expand the results anymore. Has anyone encountered this before? Thanks!How are memory and disk allocated to different modules on bigip appliance?
hi, when doing "Resource Provisioning", the memory and disk space are auto allocated to LTM and ASM are shown as below. The amount of Memory and disk is minimum requirement, right? When a huge number of virtual server will be created later, will appliance auto allocate more spare memory and disk to the module? And what is he management module responsible for? Is it responsible for packet forwarding? should we set "Provisioning" to "Medium" or "Large" if the throughput is larger than 1Gbps? Can someone please advise? thanks in advance!
F5 Device Certificate renewal process on Active and Standby devices
Hi Team, The SSL certificates on the load balancers we manage (both Active and Passive) are set to expire in July. Could you please share the recommended steps to renew them correctly and ensure a smooth implementation without any service impact? Certificate Expiry Details Active Load Balancer: Expires on July 26th, 2025 Passive Load Balancer: Expires on July 27th, 2025 Please note that in our case, both load balancers are using different certificates.Issue with 2 parallel F5 clusters
Hello everybody and first of all thank you for taking the time to read my issue! The issue that I have is in regards to a migration We have a productive F5 BigIP cluster (Active/Standby), let's call this "Old F5", which has a lot of Virtual Servers in partitions, with specific pools and monitors for each application/service This device also has 2 Vlans, internal (vlan11) and external (vlan10), and 2 interfaces in an LACP that it's tagged on both Vlans, and it's connected to the same one leg to a Cisco APIC It has 2 Self IP addresses (one for each Vlan): 10.10.10.1-Vlan "external" 10.20.20.1-Vlan "internal" (numbers are just for example) It also has 4 Floating IP address (2 for each Vlan) with 2 traffic groups: 10.10.10.2-Vlan external traffic group 1 10.10.10.3-Vlan external traffic group 2 10.20.20.2-Vlan internal traffic group 1 10.20.20.3-Vlan internal traffic group 2 This device (cluster) has to be replaced by another F5 BigIP cluster (let's call this new F5), this device is an identical copy to the old F5 (the config was took from the old one and imported to the new one), meaning same Vlans, monitors, pools, VServers IP addresses etc At the moment this one has the 2 interfaces disabled and a blackhole default reject route set up in order to not interfere with the old F5 which is the productive one. The ideea is to configure the new F5 device with IP addresses from the same subnet (for example 10.10.10.5), and disable all the Virtual Servers so it doesn't handle traffic (the nodes, monitors, pools stay up on both devices), and have the 2 F5 devices, old and new, running in parallel and then move the Virtual servers one by one by just disabling the VS on the old F5 and enable it on the new F5. At this point we also remove the blackhole route, configure the correct default static route (the same which is on the old F5), and enable the interfaces This sounded and looked good, on the new F5 the nodes, pools are green and the Virtual servers are disabled as expected. On the old productive F5 everything is up and green BUT if I try to reach one of the Virtual servers, either by the Virtual IP address or hostname the attempt just times out without any response (if I try to telnet to the VS on port 443 it connects meaning that the old F5 accepts the traffic) I tried to disable on the new F5 also the nodes but still the same behaviour, the only to get it back to work is to disable the interfaces on the new F5 and add the default reject blackhole route. This is not how I imagined it to work, in my mind I was expecting that the old F5 will work as normal, and the new F5 device will see the nodes and pools up (confirming good communication) but don't handle any traffic regarding the Virtual servers because they are disabled. Does anyone have any idea what is causing this issue, why when both F5 devices are up in parallel, the connection to the Virtual server through the old productive F5 times out while that F5 sees both the pools and Virtual servers as up and running. Thank you in advance!
