iRule HTTPS(443) to HTTPS(8701)
I am having difficulty finding a iRule or creating that would auto route HTTPS(443) to HTTPS(8701). I have set up HTTP(80) to HTTPS(8701) that was pretty straight forward using this when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1]:8701[HTTP::uri] } Any help will be greatly appreciated.
Cannot add F5 net route
Hello! I am scratching my head because I can't see why this static route is not being added to the config. The "x" is replaced with a usable 1-254 IP. Existing config: net self INT-350_NET1_PRIMARY_IP { address x.159.222.101/24 allow-service { default } traffic-group traffic-group-local-only vlan INT-350 } net self INT-350_NET1_FLOATING_IP { address x.159.222.103/24 allow-service { default } floating enabled traffic-group traffic-group-1 unit 1 vlan INT-350 } net vlan INT-350 { if-index 448 interfaces { n7k-Po16 { tag-mode service tagged } } tag 350 } root@(sfltm1)(cfg-sync Standalone)(Active)(/Common)(tmos) load sys config merge from-terminal Enter configuration. Press CTRL-D to submit or CTRL-C to cancel. net route INT-350_NET1_ROUTE { gw x.159.222.254 network x.159.222.0/24 } Loading configuration... 01070666:3: Static route duplicates Self IP x.159.222.0 / 255.255.255.0 implied route Unexpected Error: Loading configuration process failed.
iControl or script to get dynamic route from F5
Hi I currently use F5 with dynamic routing (Learn BGP dynamic route from neighbor router). Problem is sometimes router can't send me route and all dynamic route is gone. (we got downtimes and there is no alert to us) Do we have iControl script or any script command to get route list from F5 ? I only know tmsh command to get dynamic route. So there will be alert to us when routing have a problem. Thank youAdded route on F5 APM not showing up on my device
hello everyone I added a route on our F5 APM, however I am not able to see it on my device. netstat -rn shows nothing for that subnet. I also check on F5 Big IP Client -> View details -> Routing Table my subnet is not there. I added my route on F5 -> Network -> Routes -> add and I choose gateway. When I manually add the route on my device using sudo route -n add -net x.x.x.x/24 x.x.x.x it is working. Am I missing something why my subnet isnt showing up? thank you!
Are NTP and DNS traffic management type or not?
Hello everyone, I'm system engineer in integrator company and currently I have one PoC of AWAF project with a customer. I have little experience of working with f5 devices, so I have one question and it'll help me a lot in future to analyze how BIG-IP devices. I've done some research in documentations but I couldn't find clear answer on topics, which type of traffic is considered as Data Traffic and which one is Management? For example NTP and DNS traffic should use management route or TMM route (I mean the case when there is no direct path to the destination DNS/NTP servers)? I thought that BIG-IP devices will use management route (management gateway) to do DNS queries and time synchronization, so I asked customer to grant access on firewall from management interface to the destination servers, but it didn't work. Then I've captured traffic via tcpdump and I realized that BIG-IP devices try to use TMM default route instead. But I've read in this article - https://support.f5.com/csp/article/K13284 that NTP is management traffic. Also this article - https://support.f5.com/csp/article/K7017 says that during the device boot, ntpd daemon is starting before TMM, so if it has no route via management interface, time synchronization will fail. So, I'm a little confused, what should I ask customer, open access from TMM interface for DNS, NTP, also for Signature Updates? I just do not understand logically, why NTP, DNS and system update do not use management routes? If all of them are considered as a data traffic, than what is management route used for? Only for accessing management GUI and SSH, is that correct? Sorry for a long question, but I really want to understand the platform's logic of traffic routing, to be able to operate it and correctly implement it with the customer. Thanks in advance. // Giorgi
Static route gateway X.X.X.X is not directly connected via an interface
Hello, When verifying bigip.conf file, an error is reported about a network route. But the error has no reason to be there. Here is the error: &&&&&&&&&&& load sys conf file /config/bigip.conf verify Validating system configuration... . . Validating configuration... /config/bigip.conf 01070330:3: Static route gateway 10.10.99.254 is not directly connected via an interface. Unexpected Error: Validating configuration process failed. &&&&&&&&& When I then exit tmsh and look at my network configuration I see that 10.10.99.254 is on the same network as one of my interfaces. netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 0.0.0.0 255.255.255.252 U 0 0 0 HA 127.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tmm0 127.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 mgmt_bp 192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan20 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.220.220.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan220 10.194.94.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan194 127.2.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.1 10.10.96.0 0.0.0.0 255.255.252.0 U 0 0 0 vlan1 &&&& LOOK HERE &&&& 0.0.0.0 10.10.99.254 0.0.0.0 UG 0 0 0 vlan1 &&&&&&&&&& This configuration is up and running. I can even ping 10.10.99.254... I am just worried this error hides something more serious. fyi we run version BIG-IP 11.3.0 Build 3144.51 Engineering Hotfix HF8 thanking you in advance AlbertoDo I need a "Route" configured for route domain 0?
Hi all, I'm currrently using route domain 0 for everything on the Big-IP. I've not created any other route domains. When I go to Network > Routes, there are no routes listed. Do I need to create a default route for route domain 0? What does route domain 0 use as its default route if I don't specify one?Route Problem ?
Hi, I want to expose my sap portal to the internet so i configured ASM policy (recommended by F5 template HTTPS). My problem is that the virtual server and the node (sap portal server) is not in the same subnet, in my my F5 configuration i have only 1 subnet so when the F5 wants to go to sap server he must use his default gatway. The status is that i can see my request in the ASM log but i cant see the sap portal page. I check my network routing and i don't have any routing problem (i make a telnet session from F5 to the portal server ) in the network i think the problem is because the virtual server and the node are not in same subnet. Please help Regards Rafi
