201 Recommendations for Study
Hello mates, I am a new member of the forum😀 I have to retake my 201 exam again in February and it´s been a while since the last time I touch a F5 device. I tried to look for the PDF which, as I remember, it was pretty solid material for the exam and the last time, I was able to pass the exam at the first attempt by only using the study guide and a F5 device I had on the lab. But I´ve seen recently that the guide is not longer available where it was: https://clouddocs.f5.com/training/community/f5cert/html/class3/class3.html May you kindly recommend me documentation and good material for my study. Much appreciate it! Regards,1.9KViews0likes9CommentsCisco ISE Load Balancing
Hi , I am trying to load balance Auth and Accounting traffic from Cisco ISE. But I have my f5 implemented as f5 VE with a single interface dedicated for traffic and another for Mgmt. The issue is that my f5 Management IP lies in the same segment of Cisco ISE, even if I have declared the cisco ISE as the pool member I am not able to get the return traffic back from ISE , I can see the traffic is leaving f5 on interface 1.1 but I never see a reply from Cisco ISE. To resolve this issue , I tried a 443 vip for the same ISE nodes I was able to see the vip working for https traffic once I added a SNAT. But after reading so many documents and recommendations I used SNAT for the same radius vip too. Even then also I am awaiting a reply packet from Cisco ISE. Any help to complete this installation. Mgmt IP of Box : 10.1.1.100 nd 10.1.1.101 Cisco ISE Nodes : 10.1.1.50 and 10.1.1.51 --. they are using the same vlan Also the client cisco swithc is lying too in the same vlan of Mgmt. The mgmt ip of BigIP is 10.1.1.100 and Cisco ISE is 10.1.1.50 and 10.1.1.51 and both are lying in the same segment which has bene tagged to my BigIP VE. I am using a separate segment for VIP which is 192.168.36.0/24 which is routed on a separate vlan and tagged to the same pair of VE. Now I tested this deployment where everything is reachable via ICMP still I am not getting a reply packet from ISE Servers; Case 1 : when snat is enabled --> HTTPS traffic works but radius doesn't Case2 : When SNAT is disabled none of the traffic is even leaving the box. I have added the Self IP and floating as well as the Mgmt IP as allow device for Cisco ISE to allow the monitoring. So I am good with radius monitors for the same pair. Its the Client traffic which is entering the LB is not getting a reply.1.2KViews0likes8CommentsLTM + GTM on same box
Hello All, I have two F5 boxes 2800 and i will run LTM + GTM on the same HA box. can anyone tell me the GTM Steps? like how to add HA LTM on GTM? do I need to do the GTM configuration on ACTIVE and standby F5? when i tried to add the standby F5 to GTM, i found all VIPs are red color, is that okay ?36Views0likes3CommentsAPM : is VMware Workspace One supported as an Endpoint Management System?
Hello, In the past, we added our on-premises Airwatch server in the Endpoint Management Systems list. We used this feature to check if the smartphones connecting to the VPN were properly enrolled. We used this feature only for a few users. We migrated to VMware Workspace One in SaaS mode but we forgot about this feature. Is VMware Workspace One supported as an Endpoint Management System? Could F5 APM connect to WSO API? When adding our WSO instance as Airwatch, we got a "General configuration error". Thank you Thomas13Views0likes1CommentYubikey APM and AzureAD question
HEy I'm trying to add the ability to use yubikeys as hardware keys to my Saml/Azureid logins. I saw this doc for how to do it with okta. Application access using YubiKey Authentication with APM and Okta | DevCentral I was wondering if their were similar instructions for Azure AD. It seems like the okta integration relies on okta connecter supporting yubikey in v 16.0. We are currently running 16.1.5, but I don't see something similar in the Azure AD connector. I was wondering how other people have done this? Or if their was something I'm missing? We've been able to add yubikeys to ont eh Azure Ad side, but they never show up when we try to use them as a 2nd factor with The BIG IP Edge client.25Views0likes2CommentsIs network access bypassing APM logon pages?
Hello, Maybe it's a stupid question but I've been wondering about it for a while without finding a proper answer. Usually, you can either access your web apps remotely through APM or you can use a SSL VPN connection to have a full network access. Recently when I was connected to the VPN (BigIP Edge Client), I tried to access different web apps through APM in order to test some APM workflows (vpe config) and I noticed I was somehow bypassing the APM logon pages : actually I was able to access the web apps without having the APM logon pages. Maybe these were silly tests but still i'm wondering : what happened ? I used an irule to have verbose logs, I saw that my vpn session ID were being used when accessing these web apps. Is there any credential forwarding ? How does it work ? Thank you ThomasSolved575Views0likes8Comments<apm_do_not_touch> in JS file failing</apm_do_not_touch>
So we have an application that uses the @cc_on statement within a javascript file, and the APM is trying to rewrite it. Problem is (as stated in SOL3910) that the rewrite breaks the code because it doesn't rewrite properly. According the the SOL3910, adding the tag around an HTML element works to tell APM to ignore rewriting this section. The problem is that this fix doesn't (fully) work in JS files because the tag is an html tag. While adding the tag around the section will work to keep APM from rewriting the code, because it's in a JS file, the syntax is invalid and causes other JS errors. I've tried embedding the tag in a comment (many different ways) but it doesn't work, and APM will continue to rewrite the code. I doubt there's a javscript statement we can use to do the same thing here and cause APM to ignore rewriting it, but wanted to see if anyone else had a similar issue before or ideas on resolution.419Views0likes2CommentsProblems with F5 Rseries and LDAPs for remote authentication
Good afternoon I'm having some problems getting remote authentication to work on my Rseries computer over LDAPS, when debugging I get the following error: Can't contact LDAP server: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate) I have followed several guides and consulted different articles, but I can't find any of them which fields are mandatory and which aren't. My question is regarding the fields: Cipher String, TLS CA Certificate and TLS Key. Is it mandatory to fill in these fields? What happens if they are left empty? Best Regards12Views0likes1CommentProblems connecting to vpn after upgrading to ubuntu 24.04
good afternoon, I have upgraded ubuntu to 24.04 and since then I can no longer connect correctly to the vpn with the f5 client. In the client it appears that I am connected to the vpn, but then I do not reach any of the sites and servers that with the 22.04 version if it arrived. Can you help me.2.4KViews2likes9CommentsBypass the character for Evasion technique Detected violation
Hi, I need help to bypass or allow %", character which has triggered the Detection violation(Bad unescape) in JSON POST Data. This is legitimate request and i don't see this request on learning suggestion. I am able to find with the help support ID provided by user under the event logs.1.1KViews0likes4Comments