Management Interface SSL Ciphers
Hey all, So, I'm trying to restrict the SSL ciphers used with the management interface (including iControl). To test this, I've used the [tmsh] modify sys httpd ssl-ciphersuite ... command with a very weak cipher string. I've restarted httpd and also done a full reboot. In either case; *When using a browser I'm negotiating a TLS cipher suite *When using iControl I'm negotiating an even stronger suite: TLS_RSA_WITH_AES_256_CBC_SHA I've two reasons to do this; 1) I want to troubleshoot some iControl issues 2) I want to disable SSLv3 ciphers, if my changes are ignored, I'm worried Any ideas anyone? The ciphersuite I've configured is: -ALL:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA TMOS v11.4.1 (VE), build 608.0.
BigIP VE v13.1.x in VMware - iApp menu item is missing
Hi, got a strange issue with the Virtual Edition of BigIP running in a VMware Workstation. Somehow the iApp menu item is not shown in the Configuration Utility (Web GUI) in all 13.1.x versions I've tried so far. Version 12.1.x - iApp menu is there. Upgrade from 12.1.x to 13.1.0.7 - iApp menu item is gone Upgrade from 13.1.0.7 to 13.1.0.8 - iApp menu item is gone Fresh Install of 13.1.0.7 - iApp menu item is gone Upgrade from 13.1.0.7 to 13.1.1 - iApp menu item is gone Fresh Install of 13.1.1 - iApp menu item is gone Couldn't find any change of behavior regarding iApps in the Release Notes. The iApp functionality is still there. In an older article here on DevCentral I've found the direct links for iApps and the templates. And those are still working: https:///tmui/Control/jspmap/tmui/application/list.jsp https:///tmui/Control/jspmap/tmui/application_template/list.jsp That's my workaround at the moment. What am I missing? (apart from the iApp menu item) Thank you very much and kind regards, Gunnar
Vulnerabilities on Configuration utility login page.
Hi everyone I've perform pen-testing and found vulnerabilities on Configuration utility login page like this. 1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to header F5-Login-Page: true, or not.) 2.) HTTP packet inspection. It's show HTTP protocol version used, whether HTTP Keep-Alive and HTTP pipelining are enabled from Configuration utility login page. Can we mitigate these two issue? ps. about (1) I think it's due to header F5-Login-Page but didn't know how to remove this header. about (2) Not sure how to fix this. Might have to perform packet filter IP on httpd services. thank youDevice Config Issues after Upgrade
Upgraded from v 11.5.3 to v 12.1.3.5 and after the upgrade, the device is back up and seems to have partial configuration such as device name, ip address, login credentails, but all the LTM and APM configs are wiped clean. I get the message " The configuration has not yet loaded. If this message persists, it may indicate a configuration problem." when loading the config utility page. Any suggestions on why I have this error and how i can get all my configs back ?
Uploading Apache certificate chain
Trying to implement smart card auth for the big-ip configuration utility, but unable to upload the cert chain via the ui or cli. Receive the following error: Values (/parition/name) specified for Certificate Bundle Entity (/partition......) foreign key index (certificate_file_object_FK) do not point to an item that exists in the database. I've seen references to this error and a bug in 11.5, however this is 12.1.2 and also having the problem with 13.0 I've uploaded the bundle elsewhere and it's fine. Does anybody know if the bug is still outstanding or any work arounds? Appreciated.
BIG-IP Virtual Edition Configuration Utility log in failures
I have just installed my BIG-IP Virtual Edition trial and I am having trouble logging in to the Configuration Utility. I have configured the VM and can connect my browser to the Configuration Utility and I get the login screen, but it keeps telling me there is an Authentication problem. I get Authentication required! This server could not verify that you are authorized to access the URL "/tmui/logmein.html" .... ... I've tried the default login and password of 'admin' and 'admin' and 'admin' and 'default' I've see both pairs mentioned online but neither works for me. What am I missing?
Issue with config utility
Hi all. Bit of an issue accessing the config utility at the moment. I'm using Chrome to access the config utility, but the connection keeps closing every few seconds. A refresh will let me back in, but then drops again. I would also note that the BIG-IP is incredibly sluggish (compared to previous boots) at the moment. This may/may not be related. After some healthy troubleshooting, I think this is related to my SSL lab work where I reverted to a snapshot on my vm, but something has gone terribly wrong. I have checked on another vm's very old web browser and can access the config utility without any issues. However, from my desktop using IE (results in "The security certificate presented by this website was issued for a different website's address."). I've check the config utility from the old browser, and the self-signed cert looks ok, but I don't think it is. Is there a way to generate a new self signed cert for my VE, or a way to fix this problem? Am I barking up the wrong tree and missing something obvious? Any and all help would be much appreciated. Thanks.