F5 BIG-IP Edge Client - Firewall Check Failed
Hi all. I'am new here and I don't know almost nothing about F5. But I have to support F5 BIG-IP Edge Client. And from time to time we have the following problem: When the user tries to connect they get the message "Firewall check failed. Please activate Windows Firewall and try again." But that problem have only 3-5 users. Mostly after the Windows Updates. We tried a few things: Uninstall and install the BIG-IP Software Checked the Windows firewall were on, also the rules With diffrent user on the same client And a lot of other things I cant remember nothing helped. So we have to install a new Windows on the machine, which can not be the solution. Maybe anyone of you had the same problem. I hope you can help me. We use Windows 7 x64 Notebooks. BIG-IP Edge Client Version is 7101,2014,1106,1707. Thanks643Views0likes3CommentsMultiple virtual servers for multiple applications on one server
Hi all, So we have a server here housing multiple webapplications, each with its respective sub-URI such as /capacity/, /track/, etc.. So we would like to create a virtual server for every application in order to manage ASM. I created the following iRule, and I logged to check if everything is set up correctly. As far as I can see, everything is set up correctly.. but i'm still not getting any response back. Suggestions? Application 1: www-acg.bru-hub.comp.com/capacity/ Application 2: www-acg.bru-hub.com.com/track/ Desired behaviour: prod-CMS-vs --> www-acg.bru-hub.comp.com/capacity/ prod-TRACK-vs --> www-acg.bru-hub.comp.com/track/ iRule: when HTTP_REQUEST { set application [getfield [virtual name] "-" 2] set pool "live-$application-pool" if [ catch { pool "$pool" } ] { HTTP::respond 404 content "Application pool $pool does not exist." Mime-Type "text/html" } else { switch "$application" { "CMS" { set path "capacity" } "TRACK" { set path "track" } default { HTTP::respond 404 content "Application $application does not exist." Mime-Type "text/html" } } HTTP::uri "/$path[HTTP::uri]" HTTP::header replace Host "www-acg.bru-hub.comp.com" log local0. "URI is: [HTTP::uri], pool is $pool, host is [HTTP::host]" pool "$pool" } } Any suggestions or solutions are greatly appreciated. Thank you!468Views0likes3Commentsf5-lbaasv-1.0.10 agent configuration to test single tenant f5 lbaas with openstack
I am trying F5 LBaaSv1 VERSION 1.0.10 driver and agent to provision the pool,vip and pool member into bigip ltm 11.6 VE launched as openstack vm. Here are below steps i have followed. 1. launched bigip ltm vm with 3 interfaces. 2. interface eth0 is management interface . 3. I performed below steps from UI of bigip vm and datapath work for lbaas. 3.1.SNAT Creation SNAT is created with following configuration. Translation Automap Origin All Ipv4 addresses VLAN / Tunnel Traffic ALL 3.2. Created 2 vlan Untagged tunnel. Internal : Interface 1.1(eth1) with ip 51.0.0.4 is for internal network(network b/w pool member and bigip vm) External : Interface 1.2(eth2) is with ip 61.0.0.4 for vip (external network) 3.3 Created 2 selfip selfip 51.0.0.4 created for internal tunnel selfip 61.0.0.4 created for external tunnel 3.4. Created virtual server with destination ip 61.0.0.4. 3.5. Created pool and added 2 pool member (51.0.0.9, 51.0.0.10) 3.6. Launched vm on 61.0.0.0/24 network address and sent curl request to vip 61.0.0.4 and datapath work. Now i want to provision above steps with f5-oslbaas-agent,agent run with f5-oslbaasv1-agent.ini,That has many configurable options,which are the option i need to fill to test single tanant f5lbaas.Any thoughts on this??231Views0likes0CommentsAPM access policy default logout URI override based on landing URI?
Hi, we have currently an APM access policy that splits in different branches, based on the landing URI. All works fine, but when we log out, the default behavior is to redirect the client for any further new sessions back to root (/). I know that this can be customized under Access Policy -> Customization, but then it's valid for the entire access profile. We would like to reuse the initial landing URI, so that each application can be relaunched again after logout, with the original landing URI that was previously entered. I don't find any setting in VPE (maybe this logout URI can be overridden by the landing URI by passing a parameter), or does anyone has any experience in doing this with either policies, either iRules? An example would be appreciated :)740Views0likes7CommentsUse REST iControl to upload bundle of key AND cert?
Hi all, I am currently automatizing our management in our software. I can successfully add certs, keys or bundles consisting of certs. But I would like to upload a bundle consisting of a key and a cert. Bigip only recognizes the private key in the pem tough. Any ideas? Used URL is tm/sys/crypto ofcourse.242Views0likes2CommentsAuthentication with HP Protect
Good Afternoon, I was hoping someone might be able to help me with a problem I have. I currently have a set up where my traffic will go from user to the F5, this then goes to the DC to get a kerberos ticket via APM. After this, the traffic is passed to the content server then back to the user. Since this design has been in use and proven, we have then had to introduce HP ProtectTools. Since we have introduced this, I have the following problem; When the user hits the F5 and is passed to the DC, the hashed passwords do not match as the HP ProtectTools provides a unique hash. Is it possible for the F5 APM to somehow request the HP protect password hash? Or, does anyone have any other ideas how to tackle this issue? Cheers Adie253Views0likes2CommentsViprion 2400 Account locked out with Root/Admin Disabled
Hi I am using Viprion 2400 with B2150 Blade on V11.6.0 HF4 in standalone mode. Due to security, we had to disable root/admin account and created a single generic user with Shell Access. We also have a account lock out policy after 5 failed logins. Unfortunately, someone managed to input wrong password five times and resulted in account locked out. Now we have only single user with Access to Host and it is locked. There are three Guests which are working fine. I have tried https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13121.html and sol4178 for login to single user ID. The problem I am facing is that we have a single user who is locked out and even if we reset password by sol13121 the account is still locked out. I have raised a support ID with F5 and they advised to do complete re-fresh build on Viprion Host. I have three Guests running and can't understad why we don't have any backdoor to get this sorted. Any help would be appreciated. Thanks Syed258Views0likes1Commentdata group and route-domain
we have the following data group: ltm data-group internal PRODZONE { records { 10.200.168.11/32 { } 10.200.168.12/32 { } 10.200.170.19/32 { } 10.200.170.20/32 { } 10.200.170.23/32 { } 10.200.170.24/32 { } } type ip } The virtual which references this is in route-domain 75. do we need %75 at the end of each ip address in the datagroup?219Views0likes1CommentiRule for Redirect URI based on string
Hello , I want to redirect URI based on the URI string as mentioned below . Can someone please help me to write the irule for below requirements Not Transformed: ORIGINAL URL: This will pass through unchanged: https://eysso.xyz.com/eysso/sso_login.aspx Transformed: ORIGINAL URL: https://eysso.xyz.com/eysso/sso_login.aspx?DeepLinkKey=5218c74f-5047-4228-9a6b-656b761e4fac SHOULD BE TRANSFORMED TO: https://eysso.xyz.com/eygsso/sso_login.aspx?DeepLinkKey=5218c74f-5047-4228-9a6b-656b761e4fac Regards, Muthu373Views0likes2CommentsCan I use 1 VIP for servers on multiple subnet
Hi! this is my desired topology ----request----10.0.0.1---BIG IP (LTM) ----- POOL [ Server Group 1 (10.0.1.0/24) + Server Group 2 (10.0.2.0/24) ] It's mean, when users request to 10.0.0.1 - LB will redirect to servers on Group 1 and Group 2 (diffirent subnets) is it possible? My customer said that they couldn't add members on Group 2 to Pool thanks!413Views0likes4Comments