Edge Client on EOL Windows version
We have users connecting to VPN through Edge Client and their notebooks running Windows 10 Enterprise, which is going EOS on October 14, 2025. Please advise on the following after windows goes EOS: 1. what would be the impact ? 2. Would there be any compatibility issue ? 3. What are all the considerations that needs to be taken into account with respect to EdgeClient and windows to not have any impact to user and VPN connectivity. 4. Suspecting posture checks and other parameters might be impacted
connect to an icap server, but is it possible to route only specific services to the virtual server?
Since it's created as an internal virtual server, I don't know what traffic is going through that VS. Is it possible to configure it so that only certain services go through that VS? refer : https://www.f5.com/pdf/integration-guide/f5-ssl-orchestrator-and-symantec-dlp-ssl-visibility-and-content-adaptation.pdf https://www.f5.com/pdf/solution-center/f5-ssl-orchestrator-and-mcafee-dlp-recommended-practices-guide.pdf
Syslog traffic is not sending out from other blades/slots
Hi Community Members, I have F5 viprion's in my environment. The issue I am facing that syslog's are being sent out from primary viprion only but not from the blades and slots. Below are the slot and blades. I have added the log publisher and log destination profile with splunk IP but still no luck. How to fix the syslog issue from blade and slots ? exxvipr01 (Primary) exxvipr01blade2 exxvipr01slot7 exxvipr01slot6 exxvipr01slot5 exxvipr01blade3 exxvipr01blade4 exxvipr01slot8
How to allow Request getting blocked due to Malformed JSON data
Hi Everyone, I've little trouble understanding how i can allow this request. Requests are getting blocked at WAF end due to "Malformed JSON data" violation (Illegal character encountered - json syntax error -" / ") Can i allow / (forward slash) character to provide exception for this violation & keep malformed json data blocking setting as it is. and how can i achieve this.
AS3 for ASM Policy Creation
I'm trying to use AS3 for being able to automate just the security policy creation, I've managed to get a declarative statment to do it all with creating a VIP and Tenant but I don't want to create all that, I want to just be creating the ASM Security Policy based on a template in the tenant I specify. { "class": "AS3", "action": "deploy", "persist": true, "declaration": { "class": "ADC", "schemaVersion": "3.0.0", "id": "transparent_waf_policy_only_declaration", "label": "Transparent WAF Policy Only Deployment", "remark": "Deploys only a transparent WAF policy object within a new tenant and application.", "Common": { "class": "Tenant", "MyWAFPolicyApplication": { "class": "Application", "template": "generic", "Transparent_Security_Policy": { "class": "WAF_Policy", "enforcementMode": "transparent", "template": { "use": "POLICY_TEMPLATE_FUNDAMENTAL" }, "description": "A standalone transparent WAF policy for monitoring purposes." } } } } } response is { "code": 422, "message": "Invalid data property: [object Object]" }
F5 ASM - Compact Learning
Hi, I have configured a manual policy with the Compact learning for parameters but it doesn't add parameters to the list. However, wildcard parameter is changed with suggestions. I think it's working like Never (Wildcard Only) learning, why? On the other hand, I've read in K74535942 that the policy must include the following: Most commonly used entities Disallowed file types Top-level URLs, such as /abc/* https://support.f5.com/csp/article/K74535942 How can I include these requirements in the security policy? Thanks, best regards.
F5 rules for AWS WAF
Hi, We are experiencing false positives with the WAF rule rule_ZmEu_Headers, part of the F5-Bots_Managed ruleset protecting our backend. Issue details: - Legitimate requests from our customers are being blocked with HTTP 403 Forbidden errors. -The blocked requests include the standard AWS session stickiness cookies AWSALB and AWSALBCORS. - These cookies contain values that coincidentally include the substring "ZMEU", which appears to be causing the rule to trigger incorrectly. - We suspect the rule performs a basic substring match on header values leading to false positives. - The requests otherwise come from valid user agents and normal browser traffic. - This issue is impacting business operations and requires urgent attention. Request: - Please clarify the detection logic behind rule_ZmEu_Headers. - Can the rule be tuned or exceptions created to avoid false positives caused by cookies? - Is there a recommended best practice to exclude legitimate session cookies like AWSALB from this check? - We would appreciate guidance on mitigating this issue without disabling the entire bot protection ruleset. Please check the attached log for an example block. Thanks.Allow specific users to access F5's GUI?
Hi guys, I've configured TACACS (Cisco ISE) for F's GUI authentication. From ISE, I allowed a security AD group access to F5's GUI, and it works. There is a problem; the AD group has 10 users, but only five users are responsible for managing the F5. How do I configure the F5 to allow these five specific users to access the F5's GUI instead? Thanks.
