event
196 Topics

Problems connecting to vpn after upgrading to ubuntu 24.04
Good afternoon, I have upgraded Ubuntu to 24.04 and since then I can no longer connect correctly to the VPN with the F5 client. In the client it appears that I am connected to the VPN, but then I cannot reach any of the sites and servers that I could reach with version 22.04. Can you help me?
4.1K Views | 2 likes | 8 Comments

Disk space full
Hi Team, recently this error appears on my F5: Disk partition / has only 1% free. I have deleted some old files, and I removed the UCS backup and saved it from another device, but the problem is not fixed yet. The message appears continuously...

    Filesystem Size Used Avail Use% Mounted on
    /dev/mapper/vg--db--sda-set.2.root 427M 399M 5.3M 99% /

Could someone help me fix it? Many thanks in advance. Rgds,
Solved | 3.9K Views | 0 likes | 4 Comments

Traffic Policies using tcl
Trying to use the tcl variables within the log message so I can log information such as client address and URI. I put the following into the log message text box, but does work.

    The user was redirected from tcl:[HTTP::uri] and Client IP tcl:[IP::client_addr]

3.5K Views | 0 likes | 1 Comment

UDP Datagram LB
Hello, to enable fair load balancing between backend servers (5 syslog srv >> F5 >> 2 splunk srv) I created a new UDP profile and activated the option "Datagram LB": https://support.f5.com/csp/article/K3605
100% of logs are received with the default UDP profile, but not with the new UDP profile (the other parameters are equal). Any idea? Thanks!
Solved | 3.3K Views | 0 likes | 8 Comments

iRules Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"
Hi, I tried to write an iRule that can respond with code 200 and some content when the query string matches. But I found the error log as below:

    TCL error: /Common/fz_stg_base <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"

My iRule is as below:

    when HTTP_REQUEST {
        switch -regexp [HTTP::query] {
            "jsonp=NetTestCallback[0-8]&.+" {
                HTTP::respond 200 content "Hello World!!"
            }
        }
    }

The /Common/fz_stg_company iRule is as below:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "a.bc.xyz" { pool my_pool }
        }
    }

My iRule is first in the order and fz_stg_company is second. Any idea?
Solved | 3.2K Views | 0 likes | 3 Comments

Pool Members with multiple ports
Got a customer who wants to have the pool members on multiple ports. Client ---> Virtual server: https ---> Pool members on ports 30000-32676. Listing * or 0 for ports on the pool members will not work as the traffic could be sent to any port from the F5, but since the virtual server is listening on 443 it will just send to the backend servers on 443.
Solved | 2.8K Views | 0 likes | 2 Comments

C3D and header insert
Have an F5 that is a WAF, so it is performing the break and inspect on user web traffic sent through the ASM module. Since the customer's backend requires a user certificate, I explained to the user there are two options that can be utilized.

Option 1 (preferred): the F5 prompts the user for their certificate, then the F5 performs a header insert to the backend systems (Apache), and then it is up to the customer to extract the certificate from the incoming packets. The user certificate will be the original user certificate (not modified). The backend servers must not send the "certificate request" or else the SSL negotiation will be terminated because the F5 will send a self-signed cert.

Option 2 (less preferred) is C3D. The customer puts the F5 certificate that will be used for signing into their backend store as a trusted CA. When the user connects, the F5 prompts the user for their certificate. Then the F5 communicates with the backend server and the backend sends the "certificate request". The F5 will re-sign the user certificate and send the certificate with the F5 being the certificate signer.

The customer said their Apache must prompt for the certificate, so I have C3D set up on the F5 and the F5 is sending the re-signed user certificate. When the customer's Apache server sends that re-signed certificate to the Oracle backend, Oracle refuses the certificate because the customer is storing the original user certificate in the Oracle backend. I asked why the Oracle backend needs the full certificate; Oracle can be configured to just use the CN from the certificate. The customer's answer is because that is how it works.

So now the customer wants to utilize C3D and have the F5 perform a header insert of the user's original certificate. I am not sure if that can be done. Even then it just does not make any sense and makes things more complicated than required.
Solved | 2.2K Views | 0 likes | 6 Comments

Use the REST proxy on the BIG-IQ system ERROR
Hello, I'm working in a local environment trying to use the REST proxy on the BIG-IQ system with the objective of acquiring certain info from a BIG-IP. I have obtained the BIG-IQ token, discovered the BIG-IP device, enabled the REST-PROXY feature and obtained the BIG-IP uuid (4ad12733-95ea-47b0-a562-dd6ac6da5adc), which basically consists of following the steps found on the website Enabling BIG-IQ Centralized Management as a REST proxy for BIG-IP devices (f5.com); now it is time to confirm that the BIG-IP has been discovered and included in the BIG-IP devices group with the code below.

    import requests
    from requests.auth import HTTPBasicAuth

    # token: the BIG-IQ auth token obtained in the earlier step
    headers = { 'X-F5-Auth-Token': f'{token}' }

    # Request to confirm that the BIGIP was discovered and is included in the cm-bigip-allDevices group
    url_id = "https://192.168.1.44/mgmt/shared/resolver/device-groups/cm-bigip-allDevices/devices/4ad12733-95ea-47b0-a562-dd6ac6da5adc"
    response_id = requests.get(url_id, auth=HTTPBasicAuth('admin', 'psw'), headers=headers, verify=False)

The problem is that when I execute that, there is an output variable that states "state": "PENDING", when it should be "state": "ACTIVE". Why? Did I leave something out? Am I doing something wrong? Thanks in advance
Solved | 2.1K Views | 0 likes | 5 Comments

Limiting closed port RST response from 501 to 500 packets/sec for traffic-group/Common/trafficgroup1
Hi Guys, I have read the following KB https://support.f5.com/csp/article/K13151 about TCP RSTs. I'm in a situation where I get the following logs on LTM:

    Limiting closed port RST response from 501 to 500 packets/sec for traffic-group /Common/traffic-group-1

followed by a high peak of analysis plane around 100% at that time. Does this indicate a DoS/DDoS attack or something else? Thanks in advance
2.1K Views | 0 likes | 1 Comment