F5 APM (failed to initialize local tunnel server)
Hi, I'm hoping someone can help with a couple of question I have before I turn to support. I've newly deployed an F5 APM and am having a couple of issues:- 1). I have a couple of users who get the error "failed to initialize local tunnel server" after successfully logging in using IE or Firefox and trying to launch an RDP resource. Other users on the same OS are fine. Have tried reinstalling all F5 components without success. It seems the tunnelserver.exe process doesn't get launched for some reason. Any idea's on what I can look for? 2). When a user first connects and launches a full Network access connection (Full VPN), a windows dialler profile gets built and populated and can be seen in the internet options on a windows machine. Once its built the OS tries to connect through this dialler and it causes some local connection issues until you set/configure the option "Never Use Dialler". Is there any way to stop this behaviour or to turn it off? I gather the dialler that is built is necessary. Thanks RK
Connections vs sessions
Hi all This is my first post so apologies if I'm breaking any standards. I'm having trouble figuring out the difference between connections and sessions. No matter how much I Google this, I'm not finding a simple answer. Let me phrase it this way...if you read the article on "LTM: Dueling Timeouts" (https://devcentral.f5.com/articles/ltm-dueling-timeouts), it says: "Persistence timeouts are actually idle timeouts for a session, rather than a single connection." Unfortunately that statement does not tell us anything meaningful unless the definition of a connection and session is clarified. Or to put it another way, if you consult the F5 V11 configuration guide as it relates to session persistence profiles (http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-1-0/ltm_persist_profiles.html), it says: "The primary reason for tracking and storing session data is to ensure that client requests are directed to the same pool member throughout the life of a session or during subsequent sessions." So my question here would be, what factors influence whether ongoing HTTP GET requests (as an example) constitute a single session, or subsequent sessions? I'd really appreciate somebody's help here as I know this is a fundamentally basic concept but I'm unable to find a definitive answer.
Static route gateway X.X.X.X is not directly connected via an interface
Hello, When verifying bigip.conf file, an error is reported about a network route. But the error has no reason to be there. Here is the error: &&&&&&&&&&& load sys conf file /config/bigip.conf verify Validating system configuration... . . Validating configuration... /config/bigip.conf 01070330:3: Static route gateway 10.10.99.254 is not directly connected via an interface. Unexpected Error: Validating configuration process failed. &&&&&&&&& When I then exit tmsh and look at my network configuration I see that 10.10.99.254 is on the same network as one of my interfaces. netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 0.0.0.0 255.255.255.252 U 0 0 0 HA 127.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tmm0 127.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 mgmt_bp 192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan20 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.220.220.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan220 10.194.94.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan194 127.2.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.1 10.10.96.0 0.0.0.0 255.255.252.0 U 0 0 0 vlan1 &&&& LOOK HERE &&&& 0.0.0.0 10.10.99.254 0.0.0.0 UG 0 0 0 vlan1 &&&&&&&&&& This configuration is up and running. I can even ping 10.10.99.254... I am just worried this error hides something more serious. fyi we run version BIG-IP 11.3.0 Build 3144.51 Engineering Hotfix HF8 thanking you in advance Alberto
Certificates implementation in "SSL forward proxy client and server authentication" scenario.
I want to implement SSL forward proxy client and server authentication, and I am not sure how certificates are implemented. How can it be done? I mean how do I have to implement client and server certificates in order to proxy/forward SSL traffic to a backend SSL server? I am using a BIG-IP LTM appliance.
Virtual Server creation
Hello, I am new to F5 and using the evaluation version of F5 (Big IP LTM Virtual Edition). I am facing problem while creating the virtual server for tomcat application. F5 Big-IP LTM VE is running on VMPlayer. And I can access the admin page of F5 via https://> I want to test F5 with 3 tomcat applications which are running as cluster. All my three tomcat instances are on same machine with different port. http://:8081//cluter-example/test.jsp http://:8082//cluter-example/test.jsp http://:8083//cluter-example/test.jsp I tested out successfully this cluster with Apache server. As I do not have much idea as how to create Virtual server which will use my newly created pool which has all the three tomcat instances. I tried to create Virtual server with following parameter: Type : host Address : some random IP address. Service port : 80 with HTTP VLAN and tunnel traffic : All VLAN and tunnel SNAT Pool : autoMap Afterward I try to access the virtual server as http://>:80 And then getting nothing (I am expecting it should go to one of the tomcat instance) I tried with http://>:80/cluster-example/test.jsp but same result. In Health monitor side I used Send String : GET /cluster-example/test.jsp Please let me know what are the things I am missing and why given virtual IP with 80 port as HTTP... its not redirecting to tomcat application side. -Sandeep
Pool members with fully-qualified domain names (FQDNs): How does this work?
From release notes of v11.6.0 (on new features): Populate pools by FQDN This release includes the ability to configure a BIG-IP system with nodes and pool members that are identified with fully-qualified domain names (FQDNs). When configuring pool members with FQDN, addresses dynamically follow DNS changes. Fully dynamic DNS-managed pools may even be created. How does this work? When the fqdn resolves to multiple addresses, how is LB handled?
