F5 BIG-IP Edge Client - Firewall Check Failed
Hi all. I'm new here and I know almost nothing about F5. But I have to support F5 BIG-IP Edge Client. And from time to time we have the following problem: when the user tries to connect they get the message "Firewall check failed. Please activate Windows Firewall and try again." But only 3-5 users have that problem, mostly after Windows Updates.

We tried a few things:
- Uninstalled and reinstalled the BIG-IP software
- Checked that the Windows Firewall was on, and also the rules
- Tried with a different user on the same client
- And a lot of other things I can't remember

Nothing helped. So we have to install a new Windows on the machine, which cannot be the solution. Maybe one of you has had the same problem. I hope you can help me. We use Windows 7 x64 notebooks. BIG-IP Edge Client version is 7101,2014,1106,1707. Thanks

651 Views, 0 likes, 3 Comments

Multiple virtual servers for multiple applications on one server
Hi all,

So we have a server here housing multiple web applications, each with its respective sub-URI such as /capacity/, /track/, etc. So we would like to create a virtual server for every application in order to manage ASM. I created the following iRule, and I logged to check if everything is set up correctly. As far as I can see, everything is set up correctly, but I'm still not getting any response back. Suggestions?

Application 1: www-acg.bru-hub.comp.com/capacity/
Application 2: www-acg.bru-hub.com.com/track/

Desired behaviour:
prod-CMS-vs --> www-acg.bru-hub.comp.com/capacity/
prod-TRACK-vs --> www-acg.bru-hub.comp.com/track/

iRule:

    when HTTP_REQUEST {
        # Application name is the second "-"-separated field of the virtual server name
        set application [getfield [virtual name] "-" 2]
        set pool "live-$application-pool"
        # catch returns non-zero when the pool command fails
        if [ catch { pool "$pool" } ] {
            HTTP::respond 404 content "Application pool $pool does not exist." Mime-Type "text/html"
        } else {
            switch "$application" {
                "CMS" { set path "capacity" }
                "TRACK" { set path "track" }
                default { HTTP::respond 404 content "Application $application does not exist." Mime-Type "text/html" }
            }
            # Prefix the application path and rewrite the Host header before sending to the pool
            HTTP::uri "/$path[HTTP::uri]"
            HTTP::header replace Host "www-acg.bru-hub.comp.com"
            log local0. "URI is: [HTTP::uri], pool is $pool, host is [HTTP::host]"
            pool "$pool"
        }
    }

Any suggestions or solutions are greatly appreciated. Thank you!

468 Views, 0 likes, 3 Comments

f5-lbaasv-1.0.10 agent configuration to test single tenant f5 lbaas with openstack
I am trying the F5 LBaaSv1 VERSION 1.0.10 driver and agent to provision the pool, VIP and pool member into BIG-IP LTM 11.6 VE launched as an OpenStack VM. Here are the steps I have followed.

1. Launched the BIG-IP LTM VM with 3 interfaces.
2. Interface eth0 is the management interface.
3. I performed the steps below from the UI of the BIG-IP VM, and the datapath works for LBaaS.

3.1. SNAT creation
SNAT is created with the following configuration:
Translation: Automap
Origin: All IPv4 addresses
VLAN / Tunnel Traffic: ALL

3.2. Created 2 untagged VLAN tunnels.
Internal: Interface 1.1 (eth1) with IP 51.0.0.4 is for the internal network (network between pool member and BIG-IP VM)
External: Interface 1.2 (eth2) with IP 61.0.0.4 is for the VIP (external network)

3.3. Created 2 self IPs
Self IP 51.0.0.4 created for the internal tunnel
Self IP 61.0.0.4 created for the external tunnel

3.4. Created a virtual server with destination IP 61.0.0.4.

3.5. Created a pool and added 2 pool members (51.0.0.9, 51.0.0.10)

3.6. Launched a VM on the 61.0.0.0/24 network and sent a curl request to VIP 61.0.0.4, and the datapath works.

Now I want to provision the above steps with f5-oslbaas-agent. The agent runs with f5-oslbaasv1-agent.ini, which has many configurable options. Which options do I need to fill in to test single-tenant F5 LBaaS? Any thoughts on this?

231 Views, 0 likes, 0 Comments

APM access policy default logout URI override based on landing URI?
Hi, we currently have an APM access policy that splits into different branches, based on the landing URI. All works fine, but when we log out, the default behavior is to redirect the client for any further new sessions back to root (/). I know that this can be customized under Access Policy -> Customization, but then it's valid for the entire access profile. We would like to reuse the initial landing URI, so that each application can be relaunched again after logout, with the original landing URI that was previously entered. I can't find any setting in VPE (maybe this logout URI can be overridden by the landing URI by passing a parameter), or does anyone have any experience in doing this with either policies or iRules? An example would be appreciated :)

740 Views, 0 likes, 7 Comments

F5 Friday: HP Cloud Maps Help Navigate Server Flexing with BIG-IP
The economy of scale realized in enterprise cloud computing deployments is as much (if not more) about process as it is products. HP Cloud Maps simplify the former by automating the latter.

When the notion of “private” or “enterprise” cloud computing first appeared, it was dismissed as being a non-viable model due to the fact that the economy of scale necessary to realize the true benefits was simply not present in the data center. What was ignored in those arguments was that the economy of scale desired by enterprises large and small was not necessarily that of technical resources, but of people. The widening gap between people and budgets and data center components was a primary cause of data center inefficiency. Enterprise cloud computing promised to relieve the increasing burden on people by moving it back to technology through automation and orchestration.

Achieving such a feat – and it is a non-trivial feat – required an ecosystem. No single vendor could hope to achieve the automation necessary to relieve the administrative and operational burden on enterprise IT staff because no data center is ever composed of components provided by a single vendor. Partnerships – technological and practical partnerships – were necessary to enable the automation of processes spanning multiple data center components and achieve the economy of scale promised by enterprise cloud computing models.

HP, while providing a wide variety of data center components itself, has nurtured such an ecosystem of partners. Combined with its HP Operations Orchestration, such technologically-focused partnerships have built out an ecosystem enabling the automation of common operational processes, effectively shifting the burden from people to technology, resulting in a more responsive IT organization.

HP CLOUD MAPS

One of the ways in which HP enables customers to take advantage of such automation capabilities is through Cloud Maps.
Cloud Maps are similar in nature to F5’s Application Ready Solutions: a package of configuration templates, guides and scripts that enable repeatable architectures and deployments. Cloud Maps, according to HP’s description:

"HP Cloud Maps are an easy-to-use navigation system which can save you days or weeks of time architecting infrastructure for applications and services. HP Cloud Maps accelerate automation of business applications on the BladeSystem Matrix so you can reliably and consistently fast-track the implementation of service catalogs."

HP Cloud Maps enable practitioners to navigate the complex operational tasks that must be accomplished to achieve even what seems like the simplest of tasks: server provisioning. It enables automation of incident resolution, change orchestration and routine maintenance tasks in the data center, providing the consistency necessary to enable more predictable and repeatable deployments and responses to data center incidents.

Key components of HP Cloud Maps include:
- Templates for hardware and software configuration that can be imported directly into BladeSystem Matrix
- Tools to help guide planning
- Workflows and scripts designed to automate installation more quickly and in a repeatable fashion
- Reference whitepapers to help customize Cloud Maps for specific implementation

HP CLOUD MAPS for F5 NETWORKS

The partnership between F5 and HP has resulted in many data center solutions and architectures. HP’s Cloud Maps for F5 Networks today focuses on what HP calls server flexing – the automation of server provisioning and de-provisioning on-demand in the data center. It is designed specifically to work with F5 BIG-IP Local Traffic Manager (LTM) and provides the necessary configuration and deployment templates, scripts and guides necessary to implement server flexing in the data center.
The Cloud Map for F5 Networks can be downloaded free of charge from HP and comprises:
- The F5 Networks BIG-IP reference template to be imported into HP Matrix infrastructure orchestration
- Workflow to be imported into HP Operations Orchestration (OO)
- XSL file to be installed on the Matrix CMS (Central Management Server)
- Perl configuration script for BIG-IP

White papers with specific instructions on importing reference templates, workflows and configuring BIG-IP LTM are also available from the same site. The result is an automation providing server flexing capabilities that greatly reduces the manual intervention necessary to auto-scale and respond to capacity-induced events within the data center.

Happy Flexing!

- Server Flexing with F5 BIG-IP and HP BladeSystem Matrix
- HP Cloud Maps for F5 Networks
- F5 Friday: The Dynamic Control Plane
- F5 Friday: The Evolution of Reference Architectures to Repeatable Architectures
- All F5 Friday Posts on DevCentral
- Infrastructure 2.0 + Cloud + IT as a Service = An Architectural Parfait
- What is a Strategic Point of Control Anyway?
- The F5 Dynamic Services Model
- Unleashing the True Potential of On-Demand IT

307 Views, 0 likes, 1 Comment

Use REST iControl to upload bundle of key AND cert?
Hi all, I am currently automatizing our management in our software. I can successfully add certs, keys or bundles consisting of certs. But I would like to upload a bundle consisting of a key and a cert. BIG-IP only recognizes the private key in the PEM though. Any ideas? Used URL is tm/sys/crypto of course.

242 Views, 0 likes, 2 Comments

Authentication with HP Protect
Good afternoon,

I was hoping someone might be able to help me with a problem I have. I currently have a setup where my traffic goes from the user to the F5, which then goes to the DC to get a Kerberos ticket via APM. After this, the traffic is passed to the content server, then back to the user. Since this design has been in use and proven, we have had to introduce HP ProtectTools. Since we introduced this, I have the following problem: when the user hits the F5 and is passed to the DC, the hashed passwords do not match, as HP ProtectTools provides a unique hash.

Is it possible for the F5 APM to somehow request the HP Protect password hash? Or does anyone have any other ideas how to tackle this issue?

Cheers
Adie

253 Views, 0 likes, 2 Comments

Viprion 2400 Account locked out with Root/Admin Disabled
Hi,

I am using a Viprion 2400 with a B2150 blade on V11.6.0 HF4 in standalone mode. Due to security, we had to disable the root/admin account and created a single generic user with shell access. We also have an account lockout policy after 5 failed logins. Unfortunately, someone managed to input the wrong password five times, which resulted in the account being locked out. Now we have only a single user with access to the Host, and it is locked. There are three Guests which are working fine.

I have tried https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13121.html and sol4178 for login to single user ID. The problem I am facing is that we have a single user who is locked out, and even if we reset the password by sol13121 the account is still locked out. I have raised a support ID with F5 and they advised to do a complete refresh build on the Viprion Host. I have three Guests running and can't understand why we don't have any backdoor to get this sorted. Any help would be appreciated.

Thanks
Syed

258 Views, 0 likes, 1 Comment

data group and route-domain
We have the following data group:

    ltm data-group internal PRODZONE {
        records {
            10.200.168.11/32 { }
            10.200.168.12/32 { }
            10.200.170.19/32 { }
            10.200.170.20/32 { }
            10.200.170.23/32 { }
            10.200.170.24/32 { }
        }
        type ip
    }

The virtual which references this is in route-domain 75. Do we need %75 at the end of each IP address in the data group?

219 Views, 0 likes, 1 Comment

iRule for Redirect URI based on string
Hello,

I want to redirect the URI based on the URI string as mentioned below. Can someone please help me to write the iRule for the requirements below?

Not transformed:
ORIGINAL URL (this will pass through unchanged): https://eysso.xyz.com/eysso/sso_login.aspx

Transformed:
ORIGINAL URL: https://eysso.xyz.com/eysso/sso_login.aspx?DeepLinkKey=5218c74f-5047-4228-9a6b-656b761e4fac
SHOULD BE TRANSFORMED TO: https://eysso.xyz.com/eygsso/sso_login.aspx?DeepLinkKey=5218c74f-5047-4228-9a6b-656b761e4fac

Regards,
Muthu

374 Views, 0 likes, 2 Comments