Requirement for BIG-IQ VM Deployment in AWS
Can anyone please suggest on below. We have a requirement to deploy a BIG-IQ VM in the AWS cloud to manage our existing LTM, GTM, and WAF devices. We are planning to manage approximately 100 F5 devices using BIG-IQ. Could you please share the recommended system requirements (RAM and disk space) for the BIG-IQ instance to support this scale? and other details as well if required for the same. Kind regards
Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error
Hi Mates, After upgrading rseries F5 OS to 1.5.4, I observed the below error and I am unable to do SSH for my F5 OS machine version 1.5.4 from the network: 10.54.7.0/24. Rest all the networks are working fine and we are able to do SSH to the same F5 OS machine. Is it something that device was unable to update this entry into iptables. Do we have to manually re-configure this rule? ys-host-config[11678]: priority="Err" version=1.0 msgid=0x7001000000000062 msg="Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES -s 10.54.7.0/24 -p tcp -m state --state NEW --dport 22 -j ACCEPT -w &>/dev/null" ERR="EXITINFO: 4".
Cannot ping external interface
Hi All, first post here, first time F5 devices and a complete novice. I have a couple of BIG-IP devices and the luxury to play and learn before we go live. I have one I am sure is going to be a simple (and probably stupid question) On our LAN I have been able to set one device with a management interface, a virtual server and all the hosts and nodes are connecting fine. This is in a typical round robin setup. The thing I cannot figure out is the external port and address. For brevities sake and simplicity I have one physical interface connected directly to the gateway provided by our ISP and we have a block of static public IPs provided. I have assigned , or want to assign, one of the spare IP address to this interface. This is method we have with our other (non F5 firewalls) and it works, but not here. I have created a VLAN called external , set it to untagged and assigned the interface connected to the gateway to this VLAN. I then assigned that VLAN to my VirtualServer. However I cannot ping or reach the external IP address in any fashion and I am not sure why
HA Failover between two Datacenters
I currently have three Host Load Balancers with LTM Guest, with GSLB. In datacenter 1 is two Host standalone w/two Guest in HA Failover / Synchronization - GSLB. In datacenter 2 is one Host standalone w/one Guest in standalone - GSLB. I am creating another set of three Guest for application isolation, two in datacenter 1 and one in datacenter 2, with no GSLB, due to application limitations of not using FQDN. Is if feasible to create a HA Failover/Synchronization between three Guest, even though they are in separate datacenters (450 miles apart). If so, what are some precautions that I should be aware of? Regards, Larry
SFP Port LEDs Blinking Yellow
Hi I upgraded the F5 OS to version 1.8 and the tenant software to 17.5.1.3. The upgrade went smoothly and both the Active and Standby devices successfully handled traffic after the upgrade. However I have noticed that the SFP port LEDs on both the Primary and Secondary devices are blinking yellow. Both devices appear to be operating normally but I would like to confirm whether this is expected behavior Could the yellow blinking indicate a speed mismatch or should the LEDs be green under normal conditions
