help
6 TopicsHelp with Setting up WAF in Guided Configuration - Route Configuration Issue
Hello F5 Community, I’m trying to set up the WAF functionality using the UI on my F5 device (version BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3) in a clustered environment. I’m going through the steps as follows: Security -> Guided Configuration -> Web Application Protection -> Web Application Comprehensive Protection When I attempt to use this guided configuration, a list of prerequisites appears. The primary issue seems to be that there are no routes configured, even though my DNS and NTP are set up. I don’t fully understand why route configuration is necessary for this WAF setup or what it should entail. Additionally, if I try to bypass this warning and proceed with the deployment, I receive the following error message: “Error: <IP> not discovered in any device-group.” The F5 documentation doesn’t seem to cover this issue and I’m unsure how to resolve it. Could anyone help clarify: Why is route configuration required for WAF in this scenario? How should I proceed with configuring the necessary routes, or is there a workaround? If further information is needed, I’d be happy to provide it. Thank you very much for any guidance or resources you can offer!71Views0likes4CommentsF5 BIG-IP password is hashed during Form based Client Initiated SSO
Hi, I'm having trouble setting up a seemingly simple SSO configuration for a portal. I have an initial logon page with AD authentication and an SSO credential mapping block to expose the user credentials in the session variables session.sso.token.last.username and session.sso.token.last.password. The problem is that when the password is injected into the app's login page, it is hashed (example: $CK$$XVGtyxu5Eni4DyNzJlVz1+UK/7NIy+00). I've also tried enabling the "secure" option in the form's configuration, but when it is enabled, the only password the app receives is "f5-sso-token". I will attach a screenshot below with the APM configuration. Thanks in advance.Solved50Views0likes1CommentBig-IP Edge Client HELP!!!! SEH_Filter, UNHANDLED EXCEPTION!!! Code: 0xc000001d - Illegal instruction- ON windows 11 VM
Hello Folks, i am running the new MacBook with m1 chip and it requires that i can only run ARM based vm on it. I did find a windows 11 insider edition on ARM architecture. I got the windows 11 VM up and running and then installed the client downloaded from my company available publicly here. https://vpnconnect.bell.ca/vpn/public/share/BIGIPEdgeClient.exe The client starts up but then immediately closes after about 5s and in the logs the last error thrown is - Error 2021-11-24 3:34:46:061 Standalone SEH_Filter, UNHANDLED EXCEPTION!!! Look for F5CORE*.dmp files. Address: 0x71a0db00. Code: 0xc000001d - Illegal instruction earlier on a older laptop - i used to run a windows 7 vm on mac os and used the same client and same steps and it worked without any issues, but now with the new ARM architecture i can ONLY install windows 11 vm . so not sure if the issue is the architecture or windows 11 or something else? Please help suggest how I can proceed ? This is really critical I get the edge client working and connected on the windows 11 VM as i have apps that require the use of windows. Thanks in advance!!!807Views0likes0CommentsF5 Resources for COVID-19
We've assembled various places to get information & resources pertaining to COVID-19. Along with everything here on DevCentral, here - at a high level - is where you can get help from F5. F5 Corporate Resources: Guidance to Address the Dramatic Increase in Remote Workers A LETTER FROM CEO FRANÇOIS LOCOH-DONOU REGARDING F5'S RESPONSE TO COVID-19 RESPONDING TO CORONAVIRUS: SIX WAYS TO IMPROVE APP AVAILABILITY AND PERFORMANCE FOR YOUR END USERS F5 KEEPS REMOTE WORKERS CONNECTED AND SECURE WITH BIG-IP APM DNS IS NOT THE FIRST THING THAT COMES TO MIND IN A CRISIS COVID-19:FIRST THINGS FIRST Optimizing Remote Access to Support WFH during COVID-19 Maintaining Business Continuity During a Global Crisis F5 Technical Services: Continuing Business in the Time of Coronavirus Engaging Global Teams and Communities during Shifting Tides of COVID-19 Living through the Pandemic in Asia: A Perspective on Crisis Video and Network Optimization for Mobile Service Providers in the Time of COVID-19 How Secure is your VPN? Keeping Financial Services Secure How our Customers are Making a Difference Service Providers Keep the World Connected *NEW* Corporate Payments Go Digital in the Wake of COVID-19 *NEW* Don’t Leave Security Behind – 6 Months of SaaS-based Web App Protection Free for Healthcare, Non-Profits, and Education *NEW* Securing Remote Access While Protecting Against Encrypted Threats *NEW* Microsoft and F5: Together Addressing Secure Remote Access and Productivity *NEW* How a Crisis Reveals the Value of Human-Centered Systems *NEW* Taking a ‘Human-First’ Approach as Customers Swiftly Adapt *NEW* Unintended Consequences of COVID-19: Operational Exposure *NEW* Agility in a Time of Disruption DevCentral Resources: F5 Supporting Our Technical Community During the Covid-19 Outbreak SSL VPN Split Tunneling and Office 365 Securing your VMware Remote Solutions to Support COVID-19 Work From Home Scaling Free F5 Training: Getting Started with BIG-IP APM Scaling SSL VPN using BIG-IP Local Traffic Manager (LTM) Hitting the Easy Button: Securing the Remote Desktop on F5 BIG-IP APM Deploying a VPN on the BIG-IP APM How to optimize SSL VPN connections when BIG-IP is reaching 100% CPU APM Optimisation Script Remote Desktop Protocol (RDP) using an SSL VPN Connect to the F5 VPN with BIG-IP Edge Client VPN Split Tunneling: The Benefits and Risks COVID-19 Response: Supplement to the BIG-IP APM and BIG-IP Edge Client Operations Guides Mitigate Unplanned Scale Issues with an iRule Waiting Room COVID-19 Response: F5 Certifications Q&A *NEW* Identity-Aware Proxy in the Public Cloud *NEW* Using iCall to monitor BIG-IP APM network access VPN *NEW* Rate Limiting SSL VPN User Traffic *NEW* TLS Caching Explained on BIG-IP Support: F5 Support & AskF5 AskF5 K70811681: F5 response to the global impact of coronavirus Emerging APM issues you may experience during the COVID-19 outbreak APM Network Access (VPN) compression causes CPU usage higher VPN for business continuity Series Configuring Network Access Exclude Address Space by Hostname or FQDN VoIP through Network Access connections How to create a DTLS Virtual Server for Network Access VPN VPN slowness Failed to launch Native RDP for Windows 7 resources via APM Overview of BIG-IP Edge Client failure codes Configuring the BIG-IP APM system to log a notification when APM sessions exceed a configured threshold Users not being able to receive OTP code, with error message from Exchange O365 Under Attack?: F5 Security Incident Response Team (SIRT) F5Labs Resources: Is Your Organization Ready for COVID-19? What Can Pandemics Teach Us About Cyber Security? Four Risks to Consider with Expanded VPN Deployments *NEW* Mirai “COVID” Variant Disregards Stay-at-Home Orders *NEW* A Letter to the Present from a Post-Pandemic IT Director *NEW* Fraudulent Unemployment Claims Signal Consumers to Step Up Personal Identity Protection NGINX Resources: Free Resources for Websites Impacted by Covid19 We will continue to add to this as articles arrive! ps4.2KViews5likes1CommentiRule redirect to another vip with same IP but diffrent port
Hi all, i need to set an iRule to a VS because we want to balance incoming traffic to a specific pool, but if the request have "/XXX" in the string, the connection has to be redirected to another VS with another application port; Here's what i mean: when HTTP_REQUEST { if {[HTTP::uri] equals "/XXX"} {HTTP::redirect "-IDK-"} else { use pool pool_SERVICE_PORT } } where "-IDK-" is for "I does not know what's proper" gimme an hand, pliiiiiiiiiis!Solved646Views0likes5Comments