Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

f5 distributed cloud

7 Topics

Help Needed: Tracking Unreachable Traffic and Public IPs in F5 XC
Hi all, I’m troubleshooting unreachable traffic in F5 XC and need to identify which Regional Edge (RE) locations cannot reach my backend servers (BE). Here are my questions: How can I track failed requests or unreachable servers in F5 XC? Are there specific logs or error codes (e.g., 503, 504) I should look for? Where can I find the public IPs of the REs trying to reach my backend servers? Any tips on monitoring backend server health and setting up alerts for when traffic can’t reach my backend? Appreciate any insights or resources! Thanks!
diab
Apr 13, 2026 Place XC Users Forum
30Views
0likes
1Comment
Question about healthchecks
Hello, We're publishing quite old server behind XC load balancer, and to make it work I had to lower "TLS Security Level" to Medium under Origin Pool > TLS. This works fine, however, without healthchecks. If I enable a simple healthcheck, for example: Host Header Value = my.hostname Path = / I start getting "503 Service Unavailable" errors. I checked the web server logs on the server and there are no hits, so I suspect the healthcheck uses newer TLS protocols/ciphers, therefore, it fails (as it used to fail when TLS Security Level was set by default to High). Can TLS protocols/ciphers used by the healthecks be configured? And second question, are there any logs that could be enabled for healthchecks? Thank you.
Solved
Teddy_Brewski
Mar 10, 2026 Place XC Users Forum
188Views
0likes
4Comments
CORS with API calls
Hello, Sorry if this is an obvious question -- we're very new to XC. We're using XC with one load balancer with CORS activated. It works fine for web applications but all API calls (to our internal APIs) are blocked because of missing origin header. What is the correct way to handle it? Ask the connecting party to insert origin headers? Dedicate another load balancer (to be used for APIs only) with CORS disabled? Thank you.
Solved
Teddy_Brewski
Feb 17, 2026 Place XC Users Forum
160Views
0likes
4Comments
F5 Roles required for Catalog Items
Having difficulty mapping required roles for a group to have proper access to catalog items. If I create a group call Security-Team and I want them to manage the security like WAF (Web App * API Protection) and Bot Defense, Web App Scanning and whatever else the Security Team should be monitoring to keep our environment safe. What Roles are required for management? They don't need access to everything, just what is required for the application security. Then we have a group called Support-Teams that need ReadOnly access to everything so they can log into F5 XC and just view everything with no ability to make changes. Not sure what Roles would get assigned to this group. Both scenarios let's assume all namespaces. Any help or direction is most appreciated.
WildWeasel
Aug 07, 2025 Place XC Users Forum
223Views
0likes
1Comment
XC Backup via API
Hi Floks, I would like to automate the backup (and restore if needed!) of my XC configurations via the API. What is the best way, can I save all the configurations at once, should I save the namespaces completely, one by one or should I save each object of a namespace (pool, healthcheck, HTTP LB, App FW...)? Or maybe it's doable per service? In short, what is the smartest way to make a complete backup of the confs? Thanks.
Solved
AlsDevC
May 16, 2023 Place XC Users Forum
2KViews
1like
3Comments
XC - Obelix table syncer list operation failed.... How can I check point?
Hi, I installed CE in our vCenter. I deployed 'certified Hardware' is 'vmware-regular-nic-voltmesh'. I wanna inside network connect to global network. The internal interface network is not allocated and an error message is displayed. How can I next action? I can't find the this issues...
Hooni_L
Mar 21, 2023 Place XC Users Forum
1.7KViews
0likes
3Comments
F5 Distributed Cloud(XC) Site Edge/Customer Sites without Regional Edge capabilities question.
Hello, I decided to finally read about the the F5 Distributed Cloud and I had some questions about using only Site Edge Nodes (Customer Sites) without Regional Edge Nodes. Is layer 7 DOS/DDOS protection still an option without Regional Edge ? For me this should work as only for Layer 3/4 DOS/DDOS the Regional Edge is needed as a scrubbing center. Also is it possible to make ipsec/ssl tunnels between Site Edge Nodes full mesh? From I read in https://docs.cloud.f5.com/docs/about-f5-distributed-cloud/mesh this should be correct if I am reading it right "Using an industry-proven network stack with most advanced BGP implementation, we are able to provide full-mesh or hub-and-spoke connectivity across cloud or edge sites. The nodes automatically create secure IPSec/SSL tunnels with each other if they have direct IP reachability or securely connect to multiple nearest global PoPs. Using application or policy-based routing, traffic can be load balanced for optimal performance across this network. In addition, you can enable a network firewall and forward proxy capabilities to control and filter traffic to and from the applications."
Solved
Nikoolayy1
Oct 26, 2022 Place XC Users Forum
3.4KViews
0likes
3Comments