Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

gtm

218 Topics

Restore configuration to GTM Sync Group device
I am in the process of writing up a change to delete config from a GTM Sync Group which I am fine with but I am looking to confirm my thoughts on how to restore the configuration should I need to back the change out. For an LTM F5 I would create a UCS file on the Standby device before making any changes as the first step. Then should I need to rollback I would just restore the UCS file to the Standby device, check that the configuration has restored correctly and then sync the Standby device to the Active. I think that a similar approach will work for the devices in the GTM Sync Group but I want to avoid the restored config automatically syncing to the other devices in the GTM Sync Group so my thoughts on how to do this are as follows: 1. Log onto the Standby F5 2. Navigate to DNS > Settings > GSLB > General 3. Untick the 'Synchronize' and 'Synchronize DNS Zone Files' tick boxes 4. Change the Group Name to something unique. 5. Save the config 6. Create the UCS file 7. Reverse the changes made in Steps 3 and 4 8. Delete configuration The thinking here is that should I need to restore the config from the UCS file there is no chance of this automatically syncing to the other devices in the GTM Sync Group since it was not part of the GTM Sync Group when this was taken. Once restored I would then update the description for one of the WideIP's (simply append something like '1234' to it) so that this has the higher 'commit-id' and then add the device back to the GTM Sync Group. Since the newly added device has the highest 'commit-id' this would then push the confog back to the GTM Sync Group and I am back where I started. To my mind this makes sense but it would be very much appreciated if I could get a second opinion on this.
Solved
leemedz
Mar 13, 2026 Place Technical Forum
199Views
1like
5Comments
What are the available cloud databases for F5 DNS/GTM response policy zones (RPZ)?
What bad domain PRZ providers are recommended to be used with F5 DNS/GTM ? Configuring DNS Response Policy Zones
nikolay_dimitrov
Aug 29, 2025 Place Technical Forum
146Views
1like
3Comments
gtm_add failing due to CERT error
I am trying to cluster to GTM devices using the gtm_add command, but this is failing with this error: ERROR: found "END CERT..." without BEGIN at line: 0. ERROR: Malformed certificates found in local /config/httpd/conf/ssl.crt/server.crt. But when I check the mentioned file it looks like a valid certificate: more /config/httpd/conf/ssl.crt/server.crt -----BEGIN CERTIFICATE----- MIIHFjCCBP6gAwIBAgIDbUVxMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAoTA0lORzERMA8GA1UE CxMIU2VydmljZXMxIDAeBgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMScwJQYDVQQDEx5J TkcgQ29ycG9yYXRlIEludGVybmFsIENBIC0gRzMwHhcNMjQwNjI0MTQyMzAyWhcNMjUwNzI0MTMw ... E1Zg8g9QlL+jksX7ew0tIuZPNGPbhPE3StATtD7b4oi1TYjVfIwn79DluSwkIp5hwVDrAcW/B5T6 zK+sJJlib4ZeCnV19cCkwBnYyRz0p46VrwXw7i3bYeC8Cq4Of++LaYaXDuhOVq/V61phJRoGTlRU vOII3wHBmXiXQv7MIScQQbmKaBRC2lxu0gAJV9a8vzpXfN6T+n7PxNBH4AuNdR5KeeG7 -----END CERTIFICATE----- Also via the browser the correct certificate is shown. Any suggestions on what the problem could be?
RemcoAA
Jun 27, 2024 Place Technical Forum
480Views
1like
5Comments
GTM Server name is unknown
Hello, I configured A record on our GTM, but after using the nslookup tool on CLI to check the IP if The URL I find that the server name is unknown as in the below screenshot, I just ask is normal to be unknown
Amr_Ali
Jul 18, 2023 Place Technical Forum
546Views
1like
4Comments
Add LTM two boxs ( HA ) on F5 GTM
I have two LTM boxes and configure HA between them, in this case how i can add LTM to GTM , it is applicable to make this with floating IP, or I will add two LTM separately as a two server on GTM
Amr_Ali
Jun 05, 2023 Place Technical Forum
1.4KViews
1like
6Comments
Identify and delete unused objects from F5 DNS (GTM)
HI, iHealth gives us option to identify the unused obkects for BigIP LTM but no such options are available for BigIP DNS/GTM. Is there a method to identify the unused GTM objects, like the WideIP, Pool, server, Monitors etc
Deepsri
Dec 25, 2022 Place Technical Forum
823Views
1like
2Comments
GTM Redundant pair Listener IP address
Hello All, Sorry for the basic question, but I find the deployment guides and implementation guides lasking some basic information. When deploying a redundant GTM pair, does the listener for the DNS queries use the floating IP address? When deploying a single GTM it is mentioned that we use a self IP, but for a redundant pair it does eplicitly say. Since the configuration is done on one GTM in the pair and synchronised to the other backup device, I do tno think a self-IP is going work. Can we use a IP from the subnet used for the LTM VIPs? This subnet is not on a directly connected VLAN, but is a subnet that is routed to the BIg-IP. Many thanks, Michael
Solved
MH
Oct 18, 2022 Place Technical Forum
1.3KViews
1like
2Comments
How root hint works if it have multiple IP addresses
I have created DNS cache using Resolver type. In Root Hints, I have put 6 IP addresses in the list. Not sure how it works. Is it work in sequence from the first in the list?
Kriangkrai_Hong
Sep 05, 2019 Place Technical Forum
422Views
1like
1Comment
Geolocation when LDNS in a different geography than user doing the lookup
I am wondering if anyone has clever thoughts on how to address the situation with Topology load-balancing on F5 DNS. If a user is in EMEA but their ISP DNS server is in the US, it will be that DNS server in the US whose IP is analyzed by the geolocation database on the F5 and the GTM will respond with the DNS entry appropriate for US IP addresses. This circumvents our geolocation intent. Is there anything anyone has come up with to do to address this?
Mary
Sep 28, 2020 Place Technical Forum
627Views
1like
2Comments
Virtual server address space on disaster recovery F5 instance
I am working on setting up a disaster recovery instance of an existing HA BIGIP pair. I would like to ConfigSync (sync only) my local devices to the new device which is located in a different data center. The issue is that if/when I needed to "fail over" (manually) to the new disaster recovery device, the IP space of the virtual servers are different. So for example if my virtual server "A" has a destination address of 192.168.1.10 in my existing data center, the new destination address might be 10.1.1.10. (Note: I am less worried about pool member IP space, because I can use priority groups and have the disaster recovery pool member IPs pre-configured but disabled). My first thought was a "DR go live" script which would search & replace the config file and reload it, but is there a more "elegant" way to handle this dilemma, without having them have the same IP space?
patonbike
Sep 23, 2020 Place Technical Forum
629Views
1like
1Comment