management
5710 Topics

Illegal Parameter addition as custom signature set wanted to Unblock
Hello Team, we have created the custom signature set to allow this violation traffic, but when we applied the newly created custom signature set it is still showing Block as properties when we assigned it to the existing policy. I wanted the custom signature set to be only Learn & Alarm, no Block. I will not be able to attach the screenshot for more details because images cannot be uploaded in the forum. Please help me to resolve this issue.

In the log event, the digits are changing every time in Parameter Name:

Parameter Location: Form Data
Parameter Name: {"timeStamp":1775207870266}
Parameter Value:
Applied Blocking Settings: Block, Alarm, Learn

Regards,
Manish Mohite

83 Views, 0 likes, 2 Comments

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM
We are experiencing an issue where Prometheus is scraping metrics from F5 BIG-IP LTM, causing high CPU and memory utilization on the F5 device. As an initial step, we have adjusted the scraping interval to 1 minute, but the issue still persists. Are there any recommended tuning options or best practices?

138 Views, 0 likes, 2 Comments

How to configure ssh access by key on F5OS
Hello, can you explain to me how to configure ssh access on F5OS (Base OS Version 1.8.3 - product rSeries 2600)? I would like to connect to my product with an ssh key (ssh -i .... admin@x.x.x.x). The command ssh-copy-id does not work. Thanks in advance for your help.

138 Views, 0 likes, 2 Comments

F5 DNS Logs in JSON Format
I am currently receiving F5 DNS logs in syslog format, but I need them in JSON format. I have already created the log destination and log publisher, and also verified using Telemetry Streaming, but the logs are still not in JSON format. Is there a way to configure F5 DNS to send logs in JSON format? Any guidance would be appreciated. Thanks!

163 Views, 0 likes, 2 Comments

DGCat-Admin — F5 BIG-IP Datagroup & URL Category Manager
Available in two versions with identical functionality:

- Bash (dgcat-admin.sh) — For Linux, macOS, or directly on BIG-IP/Big-IQ
- PowerShell (dgcat-admin.ps1) — For Windows (PowerShell 5.1+)

Why This Tool?

SSL Orchestrator (SSLO) policies rely heavily on datagroups and URL categories for traffic classification. While you can add sites directly to SSLO policies, this approach has limitations:

- SSLO uses iAppLX to generate APM per-request policies under the hood
- Each host or site added directly becomes an expression in the APM policy
- Large lists could degrade policy performance and are not easily manageable

The recommended approach: Use datagroups or URL categories for SSLO security policy rules. They're optimized for fast lookups, keep policies clean and are operationally easier to maintain.

DGCat-Admin makes managing those lists very easy.

- Need to export a few massive datagroups or custom URL categories so you can precisely replicate existing SSLO business logic at another site in just minutes?
- Need to ingest a large number of subnets or hosts from an Excel spreadsheet into a datagroup for SSLO security policy use?
- Want to take a custom URL category and convert it to a datagroup?
- Want to take a datagroup and convert it to a custom URL category?

This tool was designed specifically for those purposes.

https://github.com/hauptem/F5-SSL-Orchestrator-Tools/tree/main/DGCat-Admin

157 Views, 2 likes, 1 Comment

BIG‑IQ: Adding rSeries/Velos Devices through the REST API
Hello,

Is there a way to add F5OS devices (rSeries/Velos) to a BIG‑IQ instance using the REST API or an Ansible module? The latest API‑Reference version is 8.1.0, but the capability to add F5OS devices was introduced in later BIG‑IQ releases. Adding our devices manually is not an option for us. Could someone point me in the right direction, please?

Cheers,
Ichnafi

Solved, 143 Views, 0 likes, 2 Comments

"01020066:3: The requested Node (/Common/fqdn1) already exists in partition Common."
Hello, when trying to POST a new application in a tenant that uses an already shared FQDN across tenants in the same cluster, the AS3 POST response is:

"01020066:3: The requested Node (/Common/fqdn1) already exists in partition Common."

It is saying that fqdn1 already exists in /Common, which is true, as it can be seen in other pools as a member. Now, if I try a different FQDN (fqdn2), it works fine with no issues. Any suggestions on how to find the root cause and fix this without: deleting fqdn1 from everywhere, and redeploying it?

Thank you J

version running 3.56.0-10118Views0likes2Comments

F5 Insight for ADSP - A Closer Look
Introduction

F5 Insight for ADSP, a key component of the F5 Application Delivery and Security Platform (ADSP), helps teams monitor and secure apps that are spread across hybrid, multi-cloud and AI environments. In this article, I’ll highlight some of the key features and use cases addressed by F5 Insight.

Demo Video: F5 Insight for ADSP - A Closer Look

The F5 Insight Home Screen

The F5 Insight Home Screen provides comprehensive monitoring for your F5 infrastructure, applications, and security posture. It features intelligent anomaly detection and performance optimization tools, giving administrators and users a centralized view of their BIG-IP fleet health and operational status.

System Report Cards

The System Report Cards display health indicators ranked Good, Warning, and Critical for the following:

- Anomaly Detection: Monitors the connection count, pool availability, CPU utilization, and memory usage.
- Application Performance: Monitors application-level health based on response time, 4xx, and 5xx error codes.
- Security: Monitors the expiration of SSL/TLS certificates and BIG-IP WAF events.
- BIG-IP Metrics: Monitors for BIG-IP health issues with device resources and operational status.

Fleet Status

Displays a summary of all BIG-IP devices and their operational status. The Fleet Status shows all the BIG-IP devices with a status of Up, Down or Degraded.

Ask AI Assistant

Allows you to type queries in plain English to retrieve device statistics, configuration information, security events, device health, application performance and much more. The AI Assistant connects to a configurable Large Language Model (LLM) backend. Supported providers include OpenAI, Anthropic, or a customer-provided LLM.

An example query: Have there been any outages in the past 24 hours for all devices in all data centers?

The AI Assistant understands the question and has identified all the data centers. The AI Assistant then checks the device statistics for any outages or issues.
The AI Assistant compiles a detailed summary report of the query.

Configuration of Large Language Model (LLM)

Large language model (LLM) Insights bring natural language intelligence to F5 Insight, enabling you to query your BIG-IP configurations and logs conversationally. Instead of manually searching through configurations or parsing log files, you can ask questions like “Why is pool member X marked down?” or “Show me all virtual IPs (VIPs) with SSL offloading enabled” and receive immediate, contextualized, clear answers.

1. In the toolbar on the left under Manage, select LLM Insights.
2. Select your LLM Provider.
3. Enter your API Token/Key.
4. Enter your Enterprise API URL.
5. Click Test Connection to verify it’s working.
6. Click Save Configuration when the connection is validated.

Conclusion

F5 Insight for ADSP offers customizable visualizations and dashboards to help you surface metrics and KPIs tailored to your organization. It provides access to useful telemetry data for a deeper understanding of your environment, application behaviors, and complex BIG-IP deployments, all centralized in a single location.

- Identification of root causes during outages/tickets.
- Solves issues and struggles with Day 2 analysis of your BIG-IP Fleet and the applications therein.
- Mitigates the problem of a lack of detailed visual information on your BIG-IP Fleet.
- Sets a foundation for the utilization of open-source tools and their benefits.

Related Content

- Introducing F5 Insight for ADSP
- F5 Insight for ADSP Documentation
- F5 Insight Product Page
290 Views, 4 likes, 0 Comments

Building a Certificate Lifecycle Manager with F5 BIG-IP Support — Looking for iControl REST Feedback
GitHub: https://github.com/shankar0123/certctl

Managing certificate renewals on BIG-IP is one of those tasks that's easy to forget until it breaks something. The typical workflow is generate a CSR, submit to a CA, wait for issuance, download the cert, upload through the GUI or push via iControl REST, bind it to the right virtual server. This has too many manual steps and no central visibility into what's expiring when.

I'm building certctl, a self-hosted certificate lifecycle platform, and F5 BIG-IP is one of the target connectors I'm working on. The platform already handles certificate issuance (built-in Local CA and ACME/Let's Encrypt with HTTP-01 challenges), configurable renewal policies, agent-based key generation (ECDSA P-256, private keys never leave the agent), threshold-based expiry alerting, policy enforcement, and an immutable audit trail. The NGINX target connector is fully implemented. Agents deploy certs via file write, nginx -t validation, and reload.

Where I need feedback — the F5 connector:

The F5 target connector interface is built and the iControl REST flow is mapped out, but I'm looking for input from people who manage certs on BIG-IP day to day before shipping the implementation. The planned flow is:

1. Authenticate via POST /mgmt/shared/authn/login
2. Upload cert PEM via POST /mgmt/tm/ltm/certificate
3. Update the SSL profile via PATCH /mgmt/tm/ltm/profile/client-ssl/{profile}
4. Validate deployment by checking profile status

Questions for the community:

- Is this the right iControl REST flow for cert deployment, or are there edge cases I'm missing (e.g., cert bundles, intermediate chain handling, partition scoping)?
- Do most environments use client-ssl profiles directly, or is there a layer of indirection I should account for?
- Any gotchas with token-based auth vs. basic auth on newer BIG-IP versions?

227 Views, 0 likes, 0 Comments