F5 APM - limiting access to the bandwidth for network Access
I am looking for a way of restricting access to the available bandwidth for our SSL VPN users. I see within the 'Network Access' configuration (Network Settings) there is an option to set 'Client Interface Speed' in bits per second. I have attempted to find more information on this without much luck. The only references I can find are below: 'Specifies the maximum speed of the client interface connection, in bits per second.' 'Specifies the speed of the client interface connection, in bits per second.' Can anyone provide further insight to this particular setting? I want to confirm/understand: (1) if this is actually a bandwidth restriction or whether it is just an administrative setting (though the above suggests a restriction) (2) if it is a bandwidth restriction, does this perform Traffic Policing or shaping? (3) is the setting per client connection, or all connections using that particular 'network access' Thanks
Unexpected Error: UCS loading process failed
Hello, I'm taking the LTM Essentials course online. There are different labs and before each lab, I need to upload a UCS file and restore it. But when I do the restore, I receive the following error: Unexpected Error: UCS loading process failed. It is impossible to have the restore working. Somebody would have an idea how to troubleshoot this? Thank you, Vinch
Sharing same VLAN between vCMP guest
Hello, This question is regarding to sharing same VLAN between vCMP guest for F5 viprion platform. lets say, I have a VLAN 10 which is tagged to interface 1.1 at vCMP host level and propagated to Guest A in common partition. -For the guest B can I use same VLAN? -What would be the recommend way to share VLANs between guests? -Can we tag VLAN 10 to 1.2 interface at vCMP host level and share it with Guest B?
OCSP With CRL Fallback
Hi all, I've been trying to get my head around OCSP and CRL in a rush. My requirement is relatively simple but without APM (not an option) I'm trying to do this via an iRule. Anyway, the requirement is this; -Use OCSP as the primary method of verifying client certificates (requires an OCSP profile) -Use CRL (not CRLDP) as a fallback should the OCSP responders be unavailable for any reason (requires an SSL profile) According to this, if both are applied (via profiles) then both checks must 'pass' not just one or the other, hence the iRule. I've found examples of using OCSP in an iRule here, here and here (thanks Hoolio) but litle around CRL checking. So, my questions are; -Can I use an iRule to perform the OCSP check and then, if OCSP fails for some reason, switch to an SSL profile that has CRL checking enabled so that CRL checking is performed? -If not, does anyone has any example code for performing a CRL check? -Would it simply be better to use a Pool (or something along these lines) and check it's up rather than do the OCSP check 'manually' in the iRule?
LDAPS Monitor with Certificate Expiration
Hi Team, I have been working with my AD team trying to resolve a problem where they forget to update a Domain Controller certificate and it expires and ADLDAPS queries fail since they dont bind to expired certificates. They have requested to see if we can drop a member out of the pool if the certificate is expired ( ie, not a valid SSL cert ) I have been messing with the LDAP Health monitor, turning on the Security settings, but I dont believe this would actually check that a certificate is valid or not. I know with server side SSL configuration you can enable SSL authentication but would just stop traffic from flow, not actually drop a member out of the pool. Any ideas ?