cloud
2021 TopicsF5xC Migration
Hey Amigos, Need some advice.. I am implementing F5xC on our infra and migrating applications, however, ran into a small problem and need guidance.. There's an on-prem application sitting behind Citrix LB with the SSL offloaded directly on to the backend members i.e. SSL passthrough configured.. We have to migrate this app behind F5xC with SSL certificate on the F5xC as well.. Have below concerns ; Would this solution work if we get the SSL cert from the server itself and deploy it on the F5xC ? Has anyone implemented this sort of solution before, if yes, can anyone share their observations ? There's no test env so I can't really test this in non-prod.. This has to be implemented in prod directly and hence the precautions :)27Views0likes1CommentSteps to create custom curl monitor
Hi Everyone I tried to make a health monitor check proxy by following this kb https://my.f5.com/manage/s/article/K31435017, but the results still failed when I curled towards the destination has anyone ever been able to? please advise & suggest4Views0likes0CommentsLet's Encrypt with Cloudflare DNS and F5 REST API
Hi all This is a followup on the now very old Let's Encrypt on a Big-IP article. It has served me, and others, well but is kind of locked to a specific environment and doesn't scale well. I have been going around it for some time but couldn't find the courage (aka time) to get started. However, due to some changes to my DNS provider (they were aquired and shut down) I finally took the plunges and moved my domains to a provider with an API and that gave me the opportunity to make a more nimble solution. To make things simple I chose Cloudflare as the community proliferation is enormous and it is easy to find examples and tools. I though think that choosing another provide with an open API isn't such a big deal. After playing around with different tools I realized that I didn't need them as it ended up being much easier to just use curl. So, if the other providers have just a somewhat close resemblance it shouldn't be such a big task converting the scripts to fit. There might be finer and more advanced solutions out there, but my goal was that I needed a solution that had as few dependencies as possible and if I could make that only Bash and Curl it would be perfect. And that is what I ended up with 😎 Just put 5 files in the same directory, adjust the config to your environment, and BAM you're good to go!!😻 And if you need to run it somewhere else just copy the directory over and continue like nothing was changed. That is what I call portability 😁 Find all the details here: Let's Encrypt with Cloudflare DNS and F5 REST API Please just drop me a line if you have any questions or feedback or find any bugs.2.3KViews1like8CommentsCreating Policy using Terraform
I have been trying to create a policy onto my F5 device but keep getting conflicting errors: This is my condition block: condition { http_cookie = true case_sensitive = true values = ["cookie_value"] } but i receive the error: operand 'http-cookie' selector 'all' is missing required parameter 'name'. but when I add all and name it gives me the error that name does no belong there. I have tried a bunch of different things but cannot figure it out. Can someone please help?64Views0likes5CommentsMicrosoft 365 IP Steering python script
Hello! Hola! I have created a small and rudimentary script that generates a datagroup with MS 365 IPv4 and v6 addresses to be used by an iRule or policy. There are other scripts that solve this same issue but either they were: based on iRulesLX, which forces you to enable iRuleLX only for this, and made me run into issues when upgrading (memory table got filled with nonsense) based on the XML version of the list, which MS changed to a JSON file. This script is a super simple bash script that calls another super simple python file, and a couple of helper files. The biggest To Do are: Add a more secure approach to password usage. Right now, it is stored in a parameters file locked away with permissions. There should be a better way. Add support for URLs. You can find the contents here:https://github.com/teoiovine-novared/fetch-office365/tree/main I appreciate advice, (constructive) criticism and questions all the same! Thank you for your time.110Views1like3CommentsOutlook for mobile doesn't via APM doesn't work with Modern Authenication
Hello I configured Modern Authentication for Microsoft Exchange Server, which is published via F5 APM. We applied an APM policy for OWA to enforce MFA. To streamline authentication, we bypassed Autodiscover and ActiveSync from APM, directing traffic to the Exchange pool for Modern Authentication. While Outlook for desktop and native mail clients on iOS and Android worked seamlessly with Modern Authentication, Outlook for mobile continued to redirect to Basic Authentication. Interestingly, when APM is disabled, Outlook for mobile functions correctly with Modern Authentication. We've attempted to disable APM through iRules, but so far, none of our efforts have resolved the issue. Has anyone encountered a similar problem and found a solution? Thanks.57Views0likes4Comments