F5 Analytics iApp
Problem this snippet solves: Analytics iApp v3.7.0 You can use this fully supported version of the analytics iApp template to marshal statistical and logging data from the BIG-IP system. The iApp takes this data and formats it as a JSON object which is then exported for consumption by data consumers, such as F5 BIG-IQ or applications such as Splunk. The Analytics iApp allows you to configure several categories of data to be exported. For data consumers like Splunk, the iApp lets you configure the network endpoint to which the data is sent. Version 3.7.0 of the iApp template is fully supported by F5 and available on downloads.f5.com. We recommend all users upgrade to this version. For more information, see https://support.f5.com/csp/article/K07859431. While this version of the iApp is nearly identical to the v3.6.13 which was available on this page, the major difference (other than being fully supported) is that ability to gather APM statistics using the iApp has been removed from BIG-IP versions prior to 12.0. Supported/Tested BIG-IP versions: 11.4.0 - 12.1.2. Data Sources: LTM, GTM, AFM, ASM, APM, SWG, and iHealth (APM statistics require 12.0 or later) Data Output Formats: Splunk, F5 Analytics, F5 Risk Engine Splunk App: https://apps.splunk.com/apps/id/f5 The new deployment guide can be found on F5.com: http://f5.com/pdf/deployment-guides/f5-analytics-dg.pdf Video Demo - https://player.vimeo.com/video/156773835 Solution Architecture - 20s Installation - 1m53s UI Demo Device Dashboard - 6m44s Application Issue Troubleshooting - 9m26s Application Team Self Service - 12m17s Code : https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=iApp_Templates&ver=iApps&container=iApp-Templates
F5 automated backup script not removing ucs archives/executing post copy clean up commands.
I've installed the https://devcentral.f5.com/codeshare/complete-f5-automated-backup-solution components and when utilizing the scp option have noticed that, although the archives do get copied to remote storage, the /var/local/ucs archives are not being cleaned up. I've seen posts which recommend changing from exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION to exec rm -f BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION which did not help. To me it appears that once the call to execute the bash script, which handles the scp, is performed it never properly returns back to the calling script. I'm basing this on the fact that neither /var/local/usc archives or the /var bash script are ever cleaned up. The commands to remove them immediately follows the call to the bash script. I've modified the command that builds the scp.sh bash, appending the clean up commands to the end of it, so that the clean up happens w/in the bash script before it returns back to the calling script. Before: exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\trm -f /var/tmp/scp.key\n\treturn \$?\n}\n\nput" > $scriptfile After: exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\tcp /var/tmp/scp.key /var/tmp/scp.key.bak\n\trm -f /var/tmp/scp.key\n\trm -f BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION\n\trm -f $scriptfile\n\treturn \$?\n}\n\nput" > $scriptfile This seems to work but I was wondering if anyone else has encountered this issue and has a better solution?
Port redirect for only *some* urls
I have a web server that is set up with the basic http iApp, and is configured to accept traffic on port 443, and redirect traffic on port 80 to 443. The web server itself accepts traffic on port 443 for most urls, but requires port 6443 for others, e.g.: https://mywebserver.domain.com/login Only works on port 443, whereas everything under the 'subdir' url https://mywebserver.domain.com/subdir/webpage Requires port 6443 to be accessed. Does anyone know of a way to handle this easily with an irule, preferably without showing :6443 in the url? Thanks in advance!How do I disable TLS 1.1 for the SharePoint 2010-2013 IAPP v 1.2.1
I am using the SharePoint IAPP to support our SharePoint farm. We are on 2013. We need to disable TLS 1.0 and 1.1 and I want to do so without breaking our SharePoint implementation. I am not able to change the existing SSL Client Profile because I am using the IAPP. Guidance for the best way to resolve this would be very much appreciated.
F5 iApp Exchange 2016 AD - Authentication Fail - UPN suffix mismatch
Hi Everybody We are in the process of deploying Exchange 2016 / Outlook 2016 with F5 v11.6.0 (build 4.0.420) and APM. Our reference is the Exchange 2016 deployment guide (https://www.f5.com/pdf/deployment-guides/microsoft-exchange-2016-dg.pdf). We are using the latest iApp . Without APM it seems to be working fine, but as soon as we enable APM we are having athentication problems with Outlook Anywhere. When we start Outlook 2016, it tries to authenticate using UPN firstname.lastname@company.com. The internal domain used however is company.local instead of company.com. So we are running into the problem described here (https://support.f5.com/csp/article/K12252), where UPN suffix does not equal domain suffix. I get the same error "... Please verify Active Directory and DNS configuration...." when doing a manual adauth test via CLI. We cannot seem to get the workaround descibed to work (replace APM AD Auth with LDAP). Does anybody have a reference or can tell me if it is even possible to configure the APM (i.e. modify the iApp) to use LDAP instead of AD Auth with SSO in this scenario? Any advice would be greatly appreciated. Thanks in advance. Ingo
Exporting iapp template from BIG-IP 11.2.1 Build 862.0 Hotfix HF2 and importing to BIG-IP 11.2.1 Build 1104.0 Hotfix HF4 fails
Trying to get a copy of iapp template f5.http_solar_alpha.2012_08_09 from Production F5 to Development F5. It fails whether exporting to a file and then importing, or copying and pasting text. These are the errors which all seem to stem from the file f5.http_solar_alpha.2012_08_09.cli_script not being found. I am no longer able to find this template and I don't recall how I installed it originally. Just looking for some clues as to what to try next. line 4 [script "f5.http_solar_alpha.2012_08_09.cli_script" included from "APP_TMPL_/Common/f5.http_solar_alpha.2012_08_09_definition" not found][tmsh::include "f5.http_solar_alpha.2012_08_09.cli_script"] line 230 ["\r" has no meaning. Did you mean "\r" or "r"?][{\r\n}] line 230 ["\n" has no meaning. Did you mean "\n" or "n"?][{\r\n}] line 231 [script "f5.http_solar_alpha.2012_08_09.cli_script" included from "APP_TMPL_/Common/f5.http_solar_alpha.2012_08_09_definition" not found][tmsh::run_proc f5.http_solar_alpha.2012_08_09.cli_script:do_tmsh_create "\"$component\"" "\"$arguments\""] line 255 ["\r" has no meaning. Did you mean "\r" or "r"?][{\r\n}] line 255 ["\n" has no meaning. Did you mean "\n" or "n"?][{\r\n}] line 256 [script "f5.http_solar_alpha.2012_08_09.cli_script" included from "APP_TMPL_/Common/f5.http_solar_alpha.2012_08_09_definition" not found][tmsh::run_proc f5.h Unexpected Error: Loading configuration process failed.
SSL Offloading not functioning properly for SharePoint 2013
Dear All, We have a share point application which needs to be load balanced through F5. The applications have been configured using F5 verified iApp and the same is working well when we run as HTTP in both front & back end . Since the requirement is to do the SSL offloading , we have recreated the same using iApp and we realized some application accessibility issue .there are some HTTP references inside the webpage itself and most of the images are not loaded at the client end. When we inspect partially loaded webpage at client browser, have received Mixed content warning . Do you have any suggestion regarding this ? I believe that iApp is designed in such a way that it should support smooth integration of most of the complex applications in F5.
