security
14418 TopicsHow is CPU/Memory shared across Virtual Servers?
Greetings, Suppose we have two websites, example1.com and example2.com, both exposed to the internet through an F5 Big-IP. Now, let’s imagine an attacker launches a DDoS attack targeting example1.com. How does the F5 allocate resources in this scenario? Does it dedicate all available resources to manage the attack, potentially making example2.com unavailable as well, or is there a mechanism to limit resource allocation—for instance, capping at 70%—to ensure the other website remains operational? This might seem like a straightforward question, but I haven’t been able to find a clear answer. Thank you!60Views0likes3Commentswhy the device certificate verify failed when the device certificate is not expired?
hi, we have some GTM/DNS devices. One of them - DSN01 is shown down, but the error message is shown as below. SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278) the device certificate of DNS01 is still not expired. And can ping DNS01 external physical interface IP from other DNS nodes. On DNS01, other DNS nodes are shown online. Can someone please advise what the possible cause is? Can restarting big3d on DNS01 to resolve the issue? Thanks in advance!95Views0likes5Commentshow does gtm/dns monitor wild-ip pool members?
hi, can someone please advise how gtm/dns monitor wild-ip pool members? what is the interval of probe ? I am running tcpdump to capture the probe traffics, but nothing is captured after running tcpdump 30 mins. The tcpdump command is shown as below. tcpdump -ni any host 10.10.20.21 10.10.20.21 is pool member (VS) IP address. This member status is shown online. Please help to advise, thanks in advance.92Views0likes7CommentsWhat is the best practice for migrating from iseries to rseries?
hi ,we plan to migrate to new r-series F5 (v15.1.x) from i-series legacy appliance v13.x.x. We will create the same vlans and IP address config, but the physical interfaces will be different. The new r-series appliance is already licensed. What is the best practice for this migration? option1: import the whole UCS file to new r-series appliance. after importing the ucs to new appliance, what are the next steps to complete the whole migration? option2: copy the config for every module, for example to copy ltm config first, then gtm, final AFW ...... can someone please advise, thanks in advance!102Views0likes5Commentswhat is this serial number b1:e5:bd:8f:2x:58:xx:27 in device certificate?
Hi, I saw the serial number of the device certificates looks like below. b1:e5:bd:8f:2x:58:xx:27 What is this serial number associated with the device? Seems it isn't a device interface mac address. can someone please advise? Thanks in advance!Solved50Views0likes2Commentshow to allocate disk space to a single large tenant on r-series 5k
hi ,can someone please advise how to allocate disk space to a single large tenant on r-series 5k? By default, it is allocated 77GB only when creating a tenant. For r-series 5600, there are 427 GB for F5OS Tenant Disks . As we just deploy one single large tenant on this appliance, can we allocate the rest available F5OS Tenant Disk space to this tenant? please help advise, thanks in advance!Solved27Views0likes1Commentshould set hostname first on new F5 appliance before running setup utility?
hi , we are going to setup a new F5 appliance. I have one question regarding device certificate, should we set hostname first on new F5 appliance before running setup utility because the host name will be used in the device certificate enrollment? Please advise, thanks.25Views0likes1Comment