Can we remove sync-only device group? Is there impact of procedure?
Hi Currently we are using F5 LTM+DNS+APM. And we have 4 unit in DNS sync group.. (2 in DC and 2 in DR) We have sync-failover separatly in each DC but we have same sync-only group for APM sync policy Our issue is, They saw device group of other DC show incorrectly. For example. If you are access to GUI on F5 DC. in Device management menu , You will see Sync-failover device group of 2 DC unit (which is correct) but you will also see Sync-failover device group of 2 DR unit too and it show in Disconnect state. <<<< This is problem. but i think it's expect behavior because F5 DC should disconnect from F5 DR I suspect this is happen because we have sync-only group (which include all 4 device both DC and DR) Question is Can we just remove that Sync-only device group? Is there any interruption of service orimpact of procedure? Or I can't remove it and need to re-create all new HA from scratch both DC and DR? Sync status as below Thank you
Remove/Prevent Truncating of large web requests in ASM
Hi, I am presently performing some trouble shooting on a large request that is blocked only on occasion. I have switched the logging over to log all requests so that I could compare a request that passed through to a request that was blocked. The issue I am having is that the area of the request that I wish to compare has been truncated and is not visible in the ASM event logs. Is it possible to prevent the requests from being truncated? This is only in a TEST environment where logs are regularly cleared so the size of requests and storage etc are not a major concern. Thank you.Problem with kerberos ticket lifetime, ticket is not remove when user logoff
hi, we want to force expiration/deletion of kerberos user ticket. Im stick with the 10 minutes minimum value for ticketlifetime in Access Policy / SSO / Kerberos / my_kerberos_configuration. Default is 600 minutes and the minimum we can set is 10 minutes. Our customer using the portal pay for service, since transaction is approve, we add the user in a active directory security group in order he can access the new service. We ask customer to logoff and login again to get access. The problem, is that the kerberos user ticket doesn't have the new group, until the ticketlifetime is reach, default, 600 minutes, now 10 minutes. Im looking for a way to force the removal of the user kerberos ticket in the F5 cache (or any solution that work without delay). We have try /desk/hangup.php3 but only user session is remove, not kerberos ticket. Config : VE LTM+APM 11.5.2 Any idea ? thank in advance and sorry for my bad english !
Remove URI on Process
rule reports_https_rule { when HTTP_REQUEST { if { [string tolower [HTTP::uri]] starts_with "/gatehouse"} { pool reports_pool_gatehouse_https } else { pool reports_pool_https } } } Hi Dev Central, Have a rather strange requirement on this - On the basis of someone requesting www.foo.com/gatehouse it should be sent to one server, on the basis of www.foo.com it should be sent to another server. However, here's the problem - gatehouse doesn't exist on the selected server, so returns a 404 error. So I would like to remove the URI after the pool selection has been evaluated. Can anyone suggest the best way to go about this ?
