Unable to use RDP in APM portal - Java applet cannot be started
Attempts with Chrome and Firefox with recent Java (8u131) results in "Java applet cannot be started. Please make sure that a required version of Java is installed."-error when attempting to start the Java Applet RDP-client from an APM webtop. This is on BIG-IP 11.6.1. I see there is the option of running a native RDP client on BIG-IP 13.0, but is there some work-around available on 11.X?
Java RDP applet through APM stops working after update to 8v131
We have been using the RDP applet on a webtop portal page (APM) for quite some time now. However, since the Java update to 8u131 the applet can no longer be used. The error message is: "Your security settings have blocked an untrusted application from running. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned: " After adding the domein to the exception list of on the java client (as a workaround) it does continue but after opening the RDP client the F5 page throw the following error: "access denied ("java.util.logging.LoggingPermission" "control")" We clearly did miss something since I cannot find any other sources claiming to have this problem. I did find a source claiming this change would be made in Java 8u131: http://www.infoworld.com/article/3159186/security/oracle-to-java-devs-stop-signing-jar-files-with-md5.html We are running quite an old version of the BIG-IP software: BIG-IP 11.5.4 Build 2.0.291 Hotfix HF2 Is this solved in a later release (in the 11.5.4 branch)? I did stroll through the release notes but did not find anything mentioning resigning the applets. Any ideas?
FirePass - java.lang.NoClassDefFoundError: F5JApplet
We need to maintain a system that uses FirePass and need to add an applet to one of the applications that is accessed via FirePass. When the applet is accessed directly everything is ok, but when accessed via FirePass we see the error: java.lang.NoClassDefFoundError: F5JApplet at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(Unknown Source) at java.security.SecureClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.defineClass(Unknown Source) We realise that FirePass re-writes the Java byte code and have tried switching that off, but we then get issues with the applet not being able to resolve some of the URLs. Are there any additional libraries that need to be installed on the client? Or how are the F5Applet, F5Socket classes supposed to be added? Appreciate any help Ka
hello, We have a Web application loadbalanced on f5 but certain page which uses java applet doesnt seem to come up.
hello, We have a Web application load balanced on f5 but certain page which uses java applet doesnt seem to come up. But when directly accessed bypassing f5, it works fine. Below is Virtual server configuration details :- ltm virtual VS_3030_x.x.x.x { address-status yes app-service none auth none auto-lasthop default bwc-policy none clone-pools none cmp-enabled yes connection-limit 0 description none destination x.x.x.x:arepa-cas enabled fallback-persistence none flow-eviction-policy none gtm-score 0 ip-protocol tcp last-hop-pool none mask 255.255.255.255 metadata none mirror disabled mobile-app-tunnel disabled nat64 disabled partition Common per-flow-request-access-policy none persist none policies { asm_auto_l7_policy__VS_x.x.x.x { } } pool PWAPM_POOL_3030 profiles { dos { context all } http { context all } tcp { context all } websecurity { ---(less 56%)--- ltm virtual VS_3030_x.x.x.x { address-status yes app-service none auth none auto-lasthop default bwc-policy none clone-pools none cmp-enabled yes connection-limit 0 description none destination x.x.x.x:arepa-cas enabled fallback-persistence none flow-eviction-policy none gtm-score 0 ip-protocol tcp last-hop-pool none mask 255.255.255.255 metadata none mirror disabled mobile-app-tunnel disabled nat64 disabled partition Common per-flow-request-access-policy none persist none policies { asm_auto_l7_policy__VS_3030_x.x.x.x{ } } pool PWAPM_POOL_3030 profiles { dos { context all } http { context all } tcp { context all } websecurity { context all } } rate-class none rate-limit disabled rate-limit-dst-mask 0 rate-limit-mode object rate-limit-src-mask 0 related-rules none rules { RSA_SA } security-log-profiles { "RSA SA" } service-down-immediate-action none service-policy none source 0.0.0.0/0 source-address-translation { pool none type automap } source-port preserve syn-cookie-status not-activated traffic-classes none translate-address enabled translate-port enabled urldb-feed-policy none vlans none vlans-disabled vs-index 30 } (END) As you can see above, there is an asm policy applied. I am new with ASM .Can it be blocked by ASM ? but when I checked in logs , there was nothing when filtered with respect to the Virtual server or source ip. Version :BIG-IP 12.0.0 Build 1.0.628 Hotfix HF1 Please do guide me what needs to be done. Thanks in advance!Java applet access through "Portal Access"?
Hello all, I have a problem when trying to configure the access to a web server inside my network and then launching a Java Applet propperly. The scenario is as you can see below: The Java Applet is used for managing connections to WTS (the WTS inside the internal network is a target example). I have configured a link using the Portal Access (Virtual Server) to the web server where the Java Applet resides, enabling both full patching and Java patching. Also I have configured for the Virtual Server a rewrite profile. After the configuration, I connect to the virtual server using a browser on a laptop, outside the internal network, as a typical user scenario. The issue comes when the Java Applet is downloaded, as there is no "code rewriting" and/or "code signing", in order to keep the applet connected to the Big IP. Unfortunately, this is needed in order to access the WTS inside the internal network (the Applet is actually used for managing WTS sessions). In other devices such as Juniper, this is automatically done by the device itself (there is a code rewriting/signing done on the fly) so that the very same applet works propperly. Does anyone knows if is there a way to configure this feature and how to do it? If this is not the case, where can I find an API or the appropriate documentation for adapting the applet for the big IP by myself? Thanks in advance for your help, any tips or workarounds will be really appreciated.Java applet access through "Portal Access"?
Hello all, I have a problem when trying to configure the access to a web server inside my network and then launching a Java Applet propperly. The scenario is as you can see below: The Java Applet is used for managing connections to WTS (the WTS inside the internal network is a target example). I have configured a link using the Portal Access (Virtual Server) to the web server where the Java Applet resides, enabling both full patching and Java patching. Also I have configured for the Virtual Server a rewrite profile. After the configuration, I connect to the virtual server using a browser on a laptop, outside the internal network, as a typical user scenario. The issue comes when the Java Applet is downloaded, as there is no "code rewriting" and/or "code signing", in order to keep the applet connected to the Big IP. Unfortunately, this is needed in order to access the WTS inside the internal network (the Applet is actually used for managing WTS sessions). In other devices such as Juniper, this is automatically done by the device itself (there is a code rewriting/signing done on the fly) so that the very same applet works propperly. Does anyone knows if is there a way to configure this feature and how to do it? If this is not the case, where can I find an API or the appropriate documentation for adapting the applet for the big IP by myself? Thanks in advance for your help, any tips or workarounds will be really appreciated.Java applet: class rewriting on Big-IP?
Hello all, I am trying to configure a portal access to a webserver behind the Big-IP. In this webserver, we download a Java applet that is designed for accessing MS Windows Terminal Servers, but this applet should firstly establish a secure connection with the big-IP using a "code rewriting" or something similar in order to get the possible connections through the box. As far as I know, this was possible with F5 firepass, but I don't know if it can be done on the big-IP. In the portal access configuration there is no option for configuring this, just something so called "Java patching". Anyone knows if this "Java Patching" can do the code rewriting for Java Applets? If this is not the case, is it possible to do it? How? Thank you for your help
