help
13 Topics

F5 Open telemetry issue
Hi all, we have an issue with TS on f5. We installed the TS package and set up the declaration, but when we check f5 url/telemetry we don't see the attributes which we should see. In the attachment you can see the declaration we have used and posted on f5, expecting to see everything, but we see only some basic status, not e.g. f5 pool active members, f5 pool availability. We don't see any errors in /var/log/restnoded/restnoded.log, and when we check url: localhost/mgmt/shared/telemetry/pullconsumer/metrics we see nothing useful. Any help would be appreciated.
49 Views, 0 likes, 1 Comment

Unblocking CSV uploads
Hello, We currently have a server that needs to upload CSV files. If the CSV is well formatted, the users want to be able to export anything from Excel and not get blocked. E.g. headers with ":", text like "sleep", etc. On top of that, they sometimes have long file names, and big files (10 GB). Do you have any advice on which rules to put in place for this scenario? We don't want to create security risks, but in any case the CSV is being stored as text in an Elastic Search database. Thank you in advance, Artur
46 Views, 0 likes, 2 Comments

In Radius auth, how to allow second attempt of token input when the first input is incorrect?
We currently have a Radius authentication in our access policy on F5 APM. Sometimes the user may mis-input the token received from SMS and we would like the Radius authentication page to ask the user to input again instead of redirecting back to logon page on first mis-input, in other words to have a second attempt for token input with the same token from SMS. Can we achieve this function in F5 APM? Thanks a lot.
198 Views, 0 likes, 7 Comments

Terraform volterra problem
Hi Community, I need some help: I have a locally generated certificate.pfx file and a password. Where is the problem?

locals {
  certificate_content    = filebase64(var.certificate_file)
  password_content       = base64encode(var.certificate_password)
  password_string_format = "string:///${local.password_content}"
  string_format          = "string:///${local.certificate_content}"
}

resource "volterra_certificate" "certificate-test" {
  name        = "certificate-test-03-26-25"
  namespace   = "tf-dev"
  description = "Simple Description"
  disable     = true
  private_key {
    clear_secret_info {
      url = local.password_string_format
    }
  }
  certificate_url       = local.string_format
  use_system_defaults   = true
  disable_ocsp_stapling = true
}

volterra_certificate.certificate-test: Creating...
╷
│ Error: error creating Certificate: Creating object: Post "/public/namespaces/tf-dev/certificates": unsupported protocol scheme ""
│
│   with volterra_certificate.certificate-test,
│   on certificate.tf line 10, in resource "volterra_certificate" "certificate-test":
│   10: resource "volterra_certificate" "certificate-test" {

81 Views, 0 likes, 2 Comments

Unable to connect any resources after establishing VPN connection
I am currently setting up the BIG-IP APM to provide secure VPN connections for the users in my company. After the VPN connection is established, I cannot access any external or internal resources and the lower network adapter icon in Windows says "no internet access". I checked the ipconfig: an IP has been assigned, but the default gateway is marked as 0.0.0.0. And the route table shows an "On-link" gateway for destination 0.0.0.0. I tried to traceroute some external IPs and found the request being forwarded to the Virtual IP of the BIG-IP APM. I suspect the issue is due to the gateway settings but I could not find any setting related to default gateway on the console. (I saw some online videos showing an option to input "default gateway configuration" in the wizard page, but mine does not have this option.) Thank you for your help.
208 Views, 0 likes, 1 Comment

EntraID + F5 as Oauth client/resource server not sending ID Token to app
Hello, Here is the basic setup. F5 is configured to use EntraID and is set up as the client+resource server. When a user logs into the web app via EntraID they are able to login just fine. However, the web app only receives an access token via the F5. The web app gets invalid signature errors when trying to validate the access token. As per this conversation, ID tokens are to be used for validating users. I guess my overall question is, how do we send the ID token to the virtual server as well as the access token? I have OIDC connect enabled in the Oauth client in the access profile. I'm still fairly new to how oauth (and the F5) works so maybe I missed something obvious.
270 Views, 0 likes, 11 Comments

Unable to set 'Session Ticket' attribute in TLS_Server object using AS3
I am currently in the process of migrating our F5 config towards AS3. However, I am currently running into an issue while converting the 'Session Ticket' attribute of our clientssl profiles (TLS_Server in AS3). While the AS3 Schema reference allows to provide a sessionTickets attribute for TLS_CLIENT objects, there is no such option for TLS_Server objects that I am able to find. Does anybody know how to set this attribute for SERVER_TLS objects in AS3? Is it just not possible? Is there a different option I need to use with AS3? Thanks in advance
29 Views, 0 likes, 0 Comments

Help with Setting up WAF in Guided Configuration - Route Configuration Issue
Hello F5 Community,

I’m trying to set up the WAF functionality using the UI on my F5 device (version BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3) in a clustered environment. I’m going through the steps as follows:

Security -> Guided Configuration -> Web Application Protection -> Web Application Comprehensive Protection

When I attempt to use this guided configuration, a list of prerequisites appears. The primary issue seems to be that there are no routes configured, even though my DNS and NTP are set up. I don’t fully understand why route configuration is necessary for this WAF setup or what it should entail. Additionally, if I try to bypass this warning and proceed with the deployment, I receive the following error message: “Error: <IP> not discovered in any device-group.” The F5 documentation doesn’t seem to cover this issue and I’m unsure how to resolve it.

Could anyone help clarify:
- Why is route configuration required for WAF in this scenario?
- How should I proceed with configuring the necessary routes, or is there a workaround?

If further information is needed, I’d be happy to provide it. Thank you very much for any guidance or resources you can offer!
170 Views, 0 likes, 4 Comments

F5 BIG-IP password is hashed during Form based Client Initiated SSO
Hi, I'm having trouble setting up a seemingly simple SSO configuration for a portal. I have an initial logon page with AD authentication and an SSO credential mapping block to expose the user credentials in the session variables session.sso.token.last.username and session.sso.token.last.password. The problem is that when the password is injected into the app's login page, it is hashed (example: $CK$$XVGtyxu5Eni4DyNzJlVz1+UK/7NIy+00). I've also tried enabling the "secure" option in the form's configuration, but when it is enabled, the only password the app receives is "f5-sso-token". I will attach a screenshot below with the APM configuration. Thanks in advance.
Solved
121 Views, 0 likes, 1 Comment