security
14432 Topics

why the gtm probing result is not shown on debug log?
Hi, we encountered a GTM wideip pool monitoring issue. Then I tried to turn on debug for GTM logging. The log captured for pool member status monitoring shows only the lines below. There is no result about the probing, why? Can someone please advise on it? Thanks in advance.

debug gtmd[6034]: 011ae039:7: Check probing of IP:Port 10.50.62.252:8833 in DC /Common/DC-NY
debug gtmd[6034]: 011ae03b:7: Will probe 10.50.62.252:8833 in DC /Common/DC-NY

9 Views, 0 likes, 1 Comment

PCI and Partitions
Can I satisfy a PCI audit with PCI and NonPCI servers on the same LTM-VE by using partitions? Any doc from F5 supporting this? [already segregated - each partition with its own network interface] We brought a system back in-house from an outside hosting company; they had implemented partitions to allow running the PCI and NonPCI environments on the same F5.

22 Views, 0 likes, 2 Comments

APM Logon page logs
We are having a brute force username guessing attack but we cannot properly analyze where it comes from or since when it started. We don't have enough logs locally to generate reports for a month. Therefore we want to use our SIEM for it. Unfortunately the logs need to be correlated separately to get the username, date and IP from the same session. Has anyone accomplished that in their syslog SIEM?

30 Views, 0 likes, 1 Comment

why the device certificate verify failed when the device certificate is not expired?
Hi, we have some GTM/DNS devices. One of them, DNS01, is shown down, with the error message shown below.

SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278)

The device certificate of DNS01 is still not expired, and I can ping the DNS01 external physical interface IP from other DNS nodes. On DNS01, other DNS nodes are shown online. Can someone please advise what the possible cause is? Can restarting big3d on DNS01 resolve the issue? Thanks in advance!

Solved, 115 Views, 0 likes, 7 Comments

Is iQuery sent to each other among GTMs and LTMs? full mesh?
Hi, we have 3 data centers and there are two LTMs and one GTM at each data center. All GTMs are configured in the same sync-group, and the LTMs are added to the local GTM server list. For this setup, normally we should see iQuery sent bidirectionally in a full mesh, right? I saw one GTM A sent iQuery to GTM B, but no iQuery from GTM B to GTM A, is it normal? Please advise, thanks in advance!

14 Views, 0 likes, 0 Comments

Is it mandatory to add gtm/dns to the server list under Data Center of GSLB?
Hi, we are setting up GTM/DNS. After creating a Data Center, must I add the local GTM/DNS to the server list under the Data Center, or do I need the local LTM appliances only? I saw one of our clients who added GTM to the server list but the status of GTM is disabled, and it seems to be working fine after sync with other GTM/DNS. The other GTM can get the info about these LTMs and relevant virtual servers. Please advise, thanks in advance!

Solved, 31 Views, 0 likes, 4 Comments

About shun list for L7 DDoS?
Hello everyone, I'm having some problems setting up my L7 DDoS settings. I can successfully run the L7 DDoS defense against source IP in the settings.

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/4.html

According to the article linked below, when detected by F5 L7 DDoS, it will be added to a shun list first. I can currently find out about which IPs are being blocked also in the following screen... Is there any way to find out which IPs are currently on the shun list by L7 DDoS? If I find that a source IP is currently being blocked by L7 DDoS, is there any way to unblock it? Any help is appreciated. Thanks.

66 Views, 0 likes, 2 Comments

BIG-IP SysLog appearing in ossec.log
F5 BigIP Syslog Integration: Logs Appearing in ossec.log instead of archives.log with Size Limitation Error

Environment
- Wazuh server
- F5 BigIP

Current Setup
F5 BigIP is configured to send logs via syslog since running a Wazuh agent is not possible (BigIP standard practices restrict installing new packages).

Issue Description
When sending logs from F5 BigIP to Wazuh using syslog:
- Logs are appearing in ossec.log instead of archives.log as specified in the official documentation
- The logs are being received in hexadecimal format
- The logs appear to be incomplete with an error message indicating "to big size above"

Current Configurations
Wazuh Configuration
F5 BigIP Syslog Configuration

Expected Behavior
- Logs should be written to archives.log
- Logs should be complete and properly decoded
- No size limitation errors should occur

Actual Behavior
- Logs are being written to ossec.log
- Logs are in hexadecimal format
- Receiving error: "to big size above"
- Logs are incomplete

Troubleshooting Steps Attempted
Network Connectivity Verification:
- Performed tcpdump analysis - confirmed packets are being transmitted correctly
- No network-level issues identified
Wazuh Configuration Adjustments:
- Modified client_buffer settings - no impact on the issue
- Tested multiple port configurations - issue persists
Port Testing:
- Attempted communication through different ports
- Issue remained consistent across all port configurations
Additional Attempts:
- Exhausted various other configuration combinations
- No successful resolution achieved through standard troubleshooting methods

Debug Information
Decoded Hex Log Sample

Additional Notes
- The incomplete hex format suggests potential issues with message size limitations or parsing
- Willing to provide additional information or troubleshooting details through a call if needed

Questions
- Is this a known issue with F5 BigIP syslog integration?
- Are there specific size limitations that need to be configured?
- Is there a configuration parameter that needs to be modified to direct logs to archives.log?

34 Views, 0 likes, 1 Comment