Which attack signature sets does contain others?
My application is running on Apache Tomcat and there is one signature set with such name. Of course, I enabled it. The question is should I also enable sets referred to e.g. Apache, Java Servlets? Or maybe required signatures are containing in Apache Tomcat set already?356Views1like3Commentsspeed issue with VPN access
Hi all, We're using VPN access to internal network via APM access profiles and LDAP authentication. [F5 VE 11.4.1 - main tasks LTM (http-to-https VS redirect and SSL offload), device is not overloaded] Solution works fine but some users complaining about massive speed issue. To investigate the issue I set up a BIG-IP Edge Client on Win7 test box via ADSL connection (speedtest.net: latency=29ms,down=12Mbps,up=0.9Mbps). As soon as I connect via VPN speedtest.net results showing a massive drop (speedtest.net: latency=461ms,down=0.55Mbps,up=0.37Mbps). I have to admit that I don't have a detailed overview of the internal network but I know that Internet traffic passes through a proxy. Therefore I tried to 'eliminate' network topology and proxy by using "LAN Speed Test (Lite)" by Totusoft transfering test file to a share on a Win2008R2 box just two 'hops' behind the F5s internal subnet. The tool confirmed the bad throughput showing 0.85Mbps. Edge Client showed a throughput between 2.3Mbps (inbound) and 860Kbps (outbound) during the transfer (best values during write/read). It appears that the VPN is throttling the bandwidth so much but how can I find out for sure that it is the F5 VPN? Do I need to optimize the (network) access profile? We're not using a Client Traffic Classifier to limit the traffic. Any hint is much appreciated. cheers1.2KViews1like4CommentsCreate a Warning message box in APM policy before Logon Page
Hi, I would like to display some static text upon the logon page to our users. Sort of a warning that if they proceeded with their logon the site should be compliant with the company policies. Is there way to insert some HTML dynamically based on the contents of an iRule or iFile? I dont see messageboc or decision box helps here because I need this to be enabled as a warning pop up. Thanks. -Jinshu820Views1like4CommentsAre the HTTP/2 profile defaults sound?
The current default for theHTTP/2 profile has a Concurrent Streams Per Connection default of 10. This seems a bit conservative. IETF recommended that this value being no smaller than 100, so as to not unnecessarily limit parallelism https://tools.ietf.org/html/rfc7540#section-6.5.2 Also, NGINX for example has a default of 128 for while Citrix Netscaler has 100 as default maximum number of concurrent HTTP/2 streams in a connection. So, should we tune this value up from 10 to say 100? What effects will that have on the appliance? Also, should we then also tune any of the other default params for better performance?756Views1like3CommentsLTM - IP Fowarder Performance issues (Stateless Router config)
Hi All, Wondering if anyone else has issues with using an IP Forwarder in the manner described in this article (Specifically - Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers): https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html. Here's the scenario.... VLAN attached behind the BIG-IP, which has the web servers on. MSSQL servers sat on a VLAN reachable through the BIG-IP. The connections all work, just if SQL traffic isn't routed through the BIG-IP, it works fine. Otherwise, behind the BIG-IP, there is severe delays. I'd suggest it be a good idea not to route this through the BIG-IP, but I wondered what the F5 communities' take on this would be. In short....Simple IP Forwarder (Stateless) for mssql traffic... Good or bad idea? Thanks, JD416Views1like4Comments