rseries
17 TopicsDEVICE-0202 Error while adding rSeries as a provider in CM
Hi all, we just got out rSeries Hardware and I am now trying to add it as a provider to out Central Manager instance. Unfortunately I am always getting the following error Code when trying to connect it to CM. DEVICE-0202: BIG-IP Next instance internal server error: Certificate validation failed with error: provider 1234-app123-zz.net.world.aa:8888: DEVICE-0202: BIG-IP Next instance internal server error: SSL certificate is unusable: BIG-IP Next 1234-app123-zz.net.world.aa has an unknown or unusable device certificate; explicit trust is not possible. Error: EOF. . For creating the Device Cert on the rSeries Platform I used to following KB-Article which is for the DEVICE00060 Error: https://my.f5.com/manage/s/article/K000139300 - I issued a self signed certifcate with DNS and IP as SAN Since the error didn't change I tried adding a few other things: - Adding the self signed cert to CentralManager via Applications>Certificates & Keys>import - Creating a crt signed by out Internal CA (no IP in SAN cause the CA doesn't allow that), applying it on the rSeries and uploading the chain to cm - Testing if the rSeries really uses the applied certs on port 8888 each time with openssl s_client connect which it always does But all that didn't change the error message at all. Any ideas? Thank you in advance86Views0likes2CommentsRseries SCP OS to appliance from remote server
I'm new to rseries but I need to SCP an OS from a remote server onto the appliance via CLI. Server I am admining from holding OS only allows SCP file transfers out and https is not an option. What is the file path? From a admin linux box to r5600 i tried: "#scp <local F5OS.iso filename> admin@<r5600IPaddress>:/system/images/staging" "#scp <local F5OS.iso filename> admin@<r5600IPaddress>:/images/staging" "#scp <local F5OS.iso filename> admin@<r5600IPaddress>:/system/images/import/iso" "#scp <local F5OS.iso filename> admin@<r5600IPaddress>:/images/import/iso" Each time I get the response "Invalid pathname" https://techdocs.f5.com/en-us/f5os-a-1-5-0/f5-rseries-systems-administration-configuration/title-system-settings.html discusses it some but does not give me all of the information I need (or water it down enough for me). Any help is always apprecriatedSolved841Views0likes5CommentsIssue while migrating config from 4000s to r4600
Hi All, we are trying to migrate config from 4000s to r4600. We have created UCS on 4000s but while loading it on a tenant on r4600, we got an error saying ""load sys partition all platform migrate " - failed -- 010713d0:3: Symmetric Unit key decrypt failure - decrypt failure, configuration loading error: high-config-load-failed". Before loading the UCS from 4000s device to tenant, we copied the master key to the new tenant and verified it as well. The command used to load the UCS : load sys ucs <file name> no-license platform-migrate Didn't see any other error logs in /var/log/ltm. Could someone suggest how to resolve this issue ? Please note we are using a CA device certificate and not self signed certificate for the device. Also the management IP, trunk name and number of trunk ports in the UCS are different from those on the tenant.65Views0likes4CommentsSizing for HW and SW based
I am looking for a data for dimensioning for r5800 / 6000 etc where I am deploying DNS+PEM+AFM+URL Filtering + some iRules on ONE rSeries The same witch I am looking for is for VE deployment Where I can find data about such figures I can only find for DNS QPS, but for the rest of the modules can't Are there any exact numbers? How can I combine and calculate this module and see if feet into rSeries and VE HP??61Views0likes2CommentsProblems with F5 Rseries and LDAPs for remote authentication
Good afternoon I'm having some problems getting remote authentication to work on my Rseries computer over LDAPS, when debugging I get the following error: Can't contact LDAP server: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate) I have followed several guides and consulted different articles, but I can't find any of them which fields are mandatory and which aren't. My question is regarding the fields: Cipher String, TLS CA Certificate and TLS Key. Is it mandatory to fill in these fields? What happens if they are left empty? Best Regards37Views0likes1CommentCheck optic information and data
Hi All, One of our customers has two r4600 appliances and on those appliances is a BIP-IP tenant configured. The two BIG-IP tenants are configured in a Device Group (Sync and Fail-Over). Both appliances are in different data centers so customer is using a MRV solution to create connectivity between the data centers. This solution has been there for many years and is working fine when connecting their infrastructure. Now we want to use the MRV solution to connect both r4600 appliances for config sync and network fail-over. We have F5 SFP's in the r4600 appliances but when we connect them (on both sides) to the MRV hardware, there is no link. When we connect the r4600 appliance to a switch, we have link and the interface is UP. Customer checked the MRV setup and the fiber path between the data centers and they seem to be OK. No other issues are reported with the link between the data centers. As a work-around, we have configured ethernet ports to connect both r4600 appliance for sync and network fail-over and those ports are connected to access ports on a switch. But customer prefers to use the 10Gbe interfaces connected to the MRV solution. How can we troubleshoot this on the F5 side? Are there commands to get optic data on a very low level to see what is going on? Any tips and tricks are welcome. Regards, Martijn43Views0likes2CommentsR-Series Appliance No GUI ( host system gui ) after 1.7.0 upgrade
After running the 1.7.0 upgrade for the r-series 5000 appliance - the login screen does not display in a browsers. Admin and Root passwords are as they were before upgrade. mgmt-ip settings are the same. Device can ping it's upstream router in the mgmt-ip network. the device mgmt-ip address does not reply to ping ( or any request [ ssh, http...]) from the console I can see the whole running config - it is the same as before the upgrade Any help is appreciated, Dave Mehlberg127Views0likes5CommentsBIG-IP rseries license
Hi community, I plan to buy 2 new R4600 to replace the current 4000s(c113) ASM licensed. F5 have changed they lincesning model and I am a bit confiused about what exactly I need to purchase. On the new device I need the following features: Basic LTM (VS with 2,3 backend servers) iRules L7 attack protection IPS Can you pelase suggest what license modules cover the above items? I can not go for Best bundle becouse of too high price. Thanks!47Views0likes1CommentF5 2600 rseries Tenant reprovisioning
Dears, I configured one tenant on my F5 2600 rseries and in the tenant setting I configured it to use 4 CPU and chose the recommended option so the tenant takes 12288 memory,this is the minimum so is that applicable to allocate another memory after I configured it and it now running21Views0likes0CommentsrSeries and tenant upgrades
I manage four r5900 appliances, hosting 16 tenants. The appliances are running F5OS-A 1.5.0; the tenants all run BIG-IP 15.1.10.2. We all know, of course, that the most recent QSN was released today. Normally, I'd upgrade everything to the latest version. However, where F5OS-A 1.7.0 is concerned, there is a "Known Issue" that raises a big red flag. In the release notes, 1380705-1 : BIG-IP tenant is stuck during boot up after doing tenant upgrade from 15.1.x to 17.1.x The issue description says this will not happen with every tenant. But it just has to happen once to ruin a day, right? In the past, I have always upgraded the appliance OS before upgrading the tenants. That just seemed to make sense. Given this issue, though, I am considering upgrading all of the tenants to BIG-IP 17.1.1.3 first, then upgrading the appliances to F5OS-A 1.7.0. Does anybody know of any pitfalls to this approach?433Views0likes7Comments