Oracle Weblogic with F5 issue,Jsession your session has expired
What can be done to resolve an issue on an oracle weblogic VIP which offloads SSL, The page loads and a "YOUR SESSION HAS EXPIRED" message is popped out,and the page redirects back to login page. When the backend servers are called directly, no such error is encountered. I already deployed an iapp for this,and it didn't solve the issue.299Views0likes1CommentOffice 365 iApp on 13.1.1?
I'm about to setup a Office365 webtop on 13.1.1.4, and I've noticed that the iApp does not officially support that version. According to the README the iApp only supports up to 12.0. This is the top of the README: Version: f5.microsoft_office_365_idp.v1.1.1rc1 Last modified: January 2019 iApp requires: BIG-IP version 11.3 - 12.0 The deployment guide (listing the exact version, 1.1.1rc1, of the iApp file) says "11.3 - 13.0". There's also a note in the README saying an issue was resolved in the iApp for 14.1 users, leading me to believe 13.1 should be fine: Corrected an issue that caused TCL iApps using client-ssl profiles to break when the iApp was reconfigured. This issue only affected iApps running on BIG-IP 14.1. So... am I safe using this in 13.1? The BIGIP in question is in production and it's uptime is important, I don't want to make any mistakes on this.279Views0likes0CommentsOffice 365 iApp on 13.1.1?
I'm about to setup a Office365 webtop on 13.1.1.4, and I've noticed that the iApp does not officially support that version. According to the README the iApp only supports up to 12.0. This is the top of the README: Version: f5.microsoft_office_365_idp.v1.1.1rc1 Last modified: January 2019 iApp requires: BIG-IP version 11.3 - 12.0 The deployment guide (listing the exact version, 1.1.1rc1, of the iApp file) says "11.3 - 13.0". There's also a note in the README saying an issue was resolved in the iApp for 14.1 users, leading me to believe 13.1 should be fine: Corrected an issue that caused TCL iApps using client-ssl profiles to break when the iApp was reconfigured. This issue only affected iApps running on BIG-IP 14.1. So... am I safe using this in 13.1? The BIGIP in question is in production and it's uptime is important, I don't want to make any mistakes on this.337Views0likes0CommentsCan we add a variable reference in a Send String via iApp
Hi, I have an application running via an iApp. I need to add a https monitor to it. Now the thing is the fqdn has over 40 ips, so wanted to know if we can add a variable reference in the send string, tried the below but gives an error. I tried using a variable dest1 and tried to call it in the send string but it does not take the template. set dest1 \[ lindex \[ RESOLV::lookup @$::dns_recursor -a $::fqdn__dns \] 0 \] proc create_monitor { } { set monitor_type "https" set monitor_name "external_${tmsh::app_name}-monitor" set monitor_interval "5" set monitor_timeout "16" set send {"GET / HTTP/1.1"} append send {"\n\n\r\n"} set destination /$dest1 tmsh::create / ltm monitor $monitor_type $monitor_name interval $monitor_interval timeout $monitor_timeout send $send destination $destination } can anyone put some light on this. Thanks, Aditya270Views0likes1CommentDeleting iApp - Pool and VIPs already gone
Hi, I came accross a situation where the VIP and Pool, etc. were created by an iApp. Strict Updates was disabled and the Pool and VIP was removed outside of the iApp. The iApp is not in use, but I'd like to cleanup. I was concerned about deleting to iApp since many of the objects under it have already been deleted. Is there any consequence to deleting the iApp via the GUI? I don't want to corrupt the config, or at least I'd like to have an idea of any fallout before I pursue it. BigIP version 13.1.3.4 - Thanks for any insights. MikeSolved1.1KViews1like2CommentsAutoDiscover Issue with Exchange 2016 iApp
Hello together, got one big problem: I have deployed successfully the iApp template of Exchange 2016 and the customer wants to use OWA and AutoDiscover Service. The AutoDiscover Service is not working as expected.. so the user cannot authenticate with e-mail or domain\username. My Access Policy: Logon Page (Split Domain from full Username YES) -> AD Query (Cross Domain Support DISABLED) -> AD Auth (Cross Domain Support ENABLED) -> SSO Credential Mapping (default). I used the right Domains and Access Profiles. OWA is a logon possible with E-Mail, User and domain\User. But AutoDiscover is just User and domain\User. E-Mail is NOT working. Does anyone know, how the users could finally authenticate via E-Mail? They're claiming that they're not able to use AutoDiscover Thanks in Advance! Hank446Views0likes1CommentRemoving the 'reject' keyword from a virtual, using TMSH / iApp
I have an iApp which creates a virtual server. Depending on one of my iApp choices, this is either configured as a normal load-balancing virtual server (displayed as "Standard" in the web GUI), or to reject all traffic (displayed as "Reject" in the web GUI) However, I cannot seem to find a way to toggle the 'reject' value and turn it back into a normal virtual server. For example, the current iApp template code contains: set cmd "ltm virtual ${vname} destination ${ip}:${port}" if {[iapp::is ::net__reject "yes"]} { append cmd " reject" } iapp::conf create $cmd If I create a new application based on this template and set the net.reject choice to no, it creates the virtual server without the reject keyword; if I then reconfigure and set the net.reject choice to yes it modifies the virtual server and adds the reject keyword; but if I reconfigure again and set the net.reject choice back to no it does not remove the reject keyword. So how does one remove the reject keyword in my iApp (or in tmsh, for that matter)?468Views0likes14CommentsSelecting Server SSL in iRule and iApp
Hi, I know that this is not usual situation to modify anything in iApp objects. Anyway I did it for some test purposes and something took me off guard. Setup: iApp with Client SSL Server SSL iRule with code like that: set profile "SSL::profile ${ssls}" if { [PROFILE::exists serverssl] == 1} { Trying to set profile specified by ssls var if { [catch {eval $profile}] } { Setting profile failed - most probably profile with name specified by ssls var does not exixst catch {eval $disable} Client connection should be rejected reject is triggering LB_FAILED and HTTP respond can be used reject } else { Hide these commands from the iRule parser (in case no serverssl profile is applied) set enable "SSL::enable serverside" if { [catch {eval $enable}] }{ reject } } } Profile specified in [catch {eval $profile}] is from /Common/ folder Profile attached to VS is of course from /Common/iapp_name/ folder Even if there is no error in log and everything looks like success when SERVERSSL_CLIENTHELLO_SEND is triggered (used to set SNI) Server SSL profile reported by [PROFILE::serverssl name] is the one attached to VS. When no iApp based VS is used profile switching works without issue. I wonder if this is because new Server SSL should be in the same folder as iApp attached profile, so not in /Common/ but in /Common/iapp_name/? Piotr323Views0likes1CommentExchange 2013 iApp - Block Activesync except from one IP
Have only used the iApp templates with their defaults in the past but now I'm needing to allow only one IP to ActiveSync to it. We are using MobileIron for mobile devices and I want to only allow MobileIron to talk to the F5 for ActiveSync traffic. I believe they will be pointing their MobileIron server to the F5 VIP. Any easy way to do this? I've seen one post with code for an iRule to 'block' all activesync traffic but not allow only one IP. This is what I was referring to: when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { drop } } }Solved725Views0likes16CommentsHelp with irule using eval and RESOLV
Help with irule using eval and RESOLV I've an iapp and im trying to cache dns server response. The irule works on standalone F5 running 11.5.3 but fails on HA pair (no mirror, active/standby). Section of the irule which is not working: when RULE_INIT { set static::ext1 { RESOLV::lookup @$::dns__ip1 -a $::main__dns__name } after 10000 -periodic { set srv_ips \[ eval \$static::ext1 \] set dest \[ lindex \$srv_ips 0 \] } } This is not complete irule but a section of it. Pls note that irule does works with standalone box and only with HA pair running same sw code it doesnt work. on HA pair either the RESOLV or eval doesnt work and returns blank response. Following are the things tried a. Reboot of F5 (guest and host) b. tried inputing %0 indicating default route domain in the iapp where it takes DNS as input. c. Unable to use RESOLV without since event is RULE_INIT. However, the same irule works on host which is standalone. d. did pcap and could not find any DNS queries made out. e. Suspected rule_init is not triggered and made modifications to that section. Later noticed that every time iapp is applied, rule_init is invoked. Any suggestions/advise would be helpful.310Views0likes2Comments