iRule for X509 Subject
I have an iRule that is working and inserts a certificate DN into a header. In the header the cert DN is inserted as:

x-ssl-client-dn: C=<country >, O=<Org>, OU=<OU>, CN=<User name>

The application owner wants it changed to the following:

x-ssl-client-dn: CN=<User Name> , OU=<OU> , O=<Org> , C= <Country>

How can this be reversed?

Unable to create F5 in AWS via CFT - no internet access
Hello, I am having bad times while creating a deployment in AWS from templates without internet access: https://github.com/F5Networks/f5-aws-cloudformation-v2

I already deployed yaml and runtime package on apache server in VPC. Based on tcpdump, the F5s are downloading configuration files correctly. But then there is some wget timeout in EC2 Console. I think it's trying to download some other stuff, yet I have no idea how to modify the runtime package. Can even open it via tar or gzip. Does anyone know how to do this? Customer does not want to allow internet access and proxy is not supported by CFT templates.

Thank you. Best regards

F5 on AWS Cloud
Hi Team,

We have a requirement coming up where a few applications need load balancing on AWS cloud and the customer wants to explore the F5 load balancing options. I checked AWS marketplace and there are multiple options for the Pay-as-you-go (PAYG) scheme. I have a few doubts:

- Out of multiple options available as per throughput in AWS (25Mbps/200Mbps/1Gbps/5Mbps), how can we propose the best option?
- Based on the number of expected client sessions to the application, can we identify the correct Virtual Edition?
- Is there any document available that mentions the VE Image based on throughput and the number of connections it can handle?
- Is there any option that we can re-use the existing license from the hardware device running on-premise?

Thanks in advance
Vijay

AWS Multi Nic F5 - config sync across Availability Zones
Hello, I am in the process of creating 3 F5s in 3 AWS AZs, and I am following the document below.

Question: if the 3 devices are configured in 3 different VPC subnets, they will have different VIP IPs. What will sync in a sync-only group?

https://clouddocs.f5.com/cloud/public/v1/aws/AWS_configsync.html

Migrating F5 VE to ZTE CloudOS: A Step-by-Step Guide
Migrating F5 VE from its current environment to ZTE CloudOS involves several key steps. Here's a detailed guide:

1. Assess Current F5 VE Environment:
- Configuration Backup: Create a complete backup of your existing F5 VE configuration.
- Inventory Resources: Inventory the hardware, software, and network components used by your F5 VE instance.
- Identify Dependencies: Determine any dependencies or integrations with other systems.

2. Prepare ZTE CloudOS Environment:
- Create a Virtual Machine: Create a virtual machine within ZTE CloudOS with sufficient resources (CPU, memory, storage) to match or exceed your current F5 VE instance.
- Install Hypervisor: Ensure that the virtual machine is running a compatible hypervisor (e.g., VMware, KVM).
- Network Configuration: Set up appropriate network interfaces and VLANs on the virtual machine to match your existing network configuration.

3. Export F5 VE Configuration:
- Use Configuration Utility: Use F5's configuration utility (e.g., TMSH, GUI) to export the entire configuration of your F5 VE instance.
- Save Configuration: Save the exported configuration file in a suitable location.

4. Import F5 VE Configuration:
- Import to New Instance: Import the exported configuration file into the newly created F5 VE instance on ZTE CloudOS.
- Review and Adjust: Review the imported configuration and make any necessary adjustments to match the new environment (e.g., IP addresses, network settings).

F5 VE Deployment on ZTE CloudOS
F5 VE Deployment on ZTE CloudOS: A Step-by-Step Guide

ZTE CloudOS is a versatile cloud platform that provides a suitable environment for deploying F5 VE (Virtual Edition). Here's a general guide on how to deploy F5 VE on ZTE CloudOS:

1. Prepare the ZTE CloudOS Environment:
- Create a Virtual Machine: Create a virtual machine within ZTE CloudOS with sufficient resources (CPU, memory, storage) to meet the requirements of your F5 VE instance.
- Install Hypervisor: Ensure that the virtual machine is running a compatible hypervisor (e.g., VMware, KVM).
- Network Configuration: Set up appropriate network interfaces and VLANs on the virtual machine to connect it to your network infrastructure.

2. Obtain F5 VE Image:
- Download F5 VE: Download the appropriate F5 VE image from the F5 Downloads portal.
- Choose the Right Edition: Select the F5 VE edition that best suits your needs (e.g., BIG-IP VE, ASM VE).

3. Import F5 VE Image:
- Import to Hypervisor: Import the F5 VE image into the hypervisor running on your ZTE CloudOS virtual machine.
- Configure Boot Settings: Configure the boot settings of the virtual machine to boot from the F5 VE image.

4. Initialize F5 VE:
- Power On: Power on the virtual machine to start the F5 VE initialization process.
- Follow Prompts: Follow the on-screen prompts to configure basic settings like hostname, IP address, and administrative credentials.

5. Configure F5 VE:
- Access Management: Create user accounts and assign appropriate privileges.
- Network Configuration: Configure network interfaces, VLANs, and routing protocols.
- Application Services: Deploy and configure application services like load balancing, SSL offloading, and web application firewall.

6. Test and Validate:
- Verify Functionality: Test the F5 VE instance to ensure that it is functioning correctly and providing the desired services.
- Monitor Performance: Monitor the performance of the F5 VE instance to identify any issues or bottlenecks.

Microsoft 365 IP Steering python script
Hello! Hola!

I have created a small and rudimentary script that generates a datagroup with MS 365 IPv4 and v6 addresses to be used by an iRule or policy. There are other scripts that solve this same issue, but they were either:

- based on iRulesLX, which forces you to enable iRuleLX only for this, and made me run into issues when upgrading (memory table got filled with nonsense)
- based on the XML version of the list, which MS changed to a JSON file.

This script is a super simple bash script that calls another super simple python file, and a couple of helper files.

The biggest to-dos are:

- Add a more secure approach to password usage. Right now, it is stored in a parameters file locked away with permissions. There should be a better way.
- Add support for URLs.

You can find the contents here: https://github.com/teoiovine-novared/fetch-office365/tree/main

I appreciate advice, (constructive) criticism and questions all the same! Thank you for your time.

Certificate server name issue--wildcard certificate
Hello all,

I have one virtual server, and I have a policy behind it that redirects to multiple pools. The problem is that my customer requested a certificate for a few applications and requested it as wildcard.xyz.com. However, the application has two DNS records, xyz.com and www.xyz.com. Of course, when I call the page as xyz.com, I get a certificate error (not a secure connection). Here, my policy record is as follows: if the host "xyz.com or www.xyz.com" is owned by the host, redirect the traffic to the xyz-pool. I wrote a redirect iRule to overcome this, but it didn't work. The rule is like this:

    when HTTP_REQUEST {
        # Redirect requests for the bare domain to the www host
        if {[HTTP::host] equals "xyz.com"} {
            HTTP::redirect "https://www.xyz.com[HTTP::uri]"
        }
    }

Does anyone have any ideas or suggestions? Thank you in advance for your answers.

Help configuring NAT64 on a BIG-IP LTM
I have been trying to implement NAT64 in our network so that IPv6-only clients can reach our IPv4-only servers. I've created an IPv6 VIP and enabled the nat6to4 option, and port and address translation are enabled.

VIP: ipv6
Pool: IPv4
Snat: Auto map

When I do

    #show sys connection cs-server-address 2a:66:x.x.x.xx

    client IPaddress   VIP ip address    floating ip address   node
    2a:45:33.xxx       2a:66:x.x.x.xx    any6                  any6

I am able to see the client IPv6 address reaching the VIP, but the F5 is not load balancing to the backend server. How can I make this work? Any help would be greatly appreciated.