security
14513 Topics

Creating Client SSL Profile using Certs from a new CA
I've uploaded some new certs with their keys and created Client SSL profiles for them to put on some load balancing virtual servers. These new certs were issued by a brand new CA. The old SSL Profiles have nothing in their chain - just cert & key issued by OldOrgName. The new SSL Profiles don't work. Where on the F5 do I tell the F5 about the new CA? Or is it entirely up to the Client to know how to trust the new Certs in the new Client SSL Profiles when they connect to the VS?
45 Views, 0 likes, 3 Comments

WAF with ICAP integration
Hi, when using F5 WAF with ICAP integration, I understand that multiple files can be uploaded in a single request (e.g., via multipart/form-data). Could you clarify how many files can be processed per request, and whether there's a configurable or default limit? Thanks!
22 Views, 0 likes, 0 Comments

Which encryption algorithm is used when making Kerberos ticket encryption.
Which algorithm is used when making Kerberos ticket encryption. Hello, we have created and installed all encryption methods as all in the keytab file. Now how can I see which encryption method is used by the application that does Kerberos authentication on F5? We will detect applications that use old encryption methods and force them to use the new methods. It would be great if anyone has any experience, suggestions or knowledge on how to solve this issue.
40 Views, 0 likes, 1 Comment

AWAF - Do not log Geolocation violations from the Event Log
Hi, I currently have a WAF policy with Geolocation enforcement. This violation is triggered a lot and is polluting the Event Log. I haven't found a way to remove only this specific violation from the Event Log. Is it possible? It's flooding my logs. Thanks!
475 Views, 0 likes, 2 Comments

Load balancing NTP Servers
Hello, we want to put two NTP servers behind an F5 [GTM]. The applications only know the DNS name [VIP], while the F5 is forwarding NTP requests to only NTP Server A. Desired failover conditions, like HA: only if NTP Server A is failing, F5 is forwarding traffic to NTP Server B. And if NTP Server A becomes available again, F5 is forwarding to NTP Server A again. Health monitoring via https. I am wondering whether the above scenario is doable? Note: Both NTP servers peer with exactly the same NTP peers. Only one server is available at a time, the second is standby - like in an HA scenario. Please advise. Thanks.
62 Views, 0 likes, 2 Comments

How to Integrate F5 Anti-Virus with Fortisandbox using ICAP
Hello! I have a question: is it possible to integrate Anti-Virus on F5 with Fortisandbox? Because I will create a feature on a web application for uploading files in xlsx and pdf format. I want to send the file for scanning on Fortisandbox before passing it to the server. I've read some article https://my.f5.com/manage/s/article/K70941653 but I'm still wondering, is it possible or not? Thank you.
45 Views, 0 likes, 5 Comments

BIGIP SHOW INOPERATIVE
I tried to upgrade my bigip from v 15.x.x to 16.x.x and I face an issue which is showing in CLI BIGIP:INOPERATIVE and in GUI starting web server, and this takes more than one day. Also in CLI it shows:
load_config_files[10064]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- Error: failed to reset strict operations; disconnecting from mcpd. Will reconnect on next command.
So how can I go back to v 15? I have the backup file saved locally. What should I do to stop the reboot and go back to the previous configuration?
Solved, 227 Views, 0 likes, 13 Comments

Service discovery is not happening in AS3
We are having AS3 running in our F5 BIGIP and we are facing an issue with the service discovery. The pool members are unable to autodiscover the new IP and port when the application containers are restarted.
--> I am able to see the auto discovery is happening in CLI (meaning after the application container is restarted, I can see the new IP and port reflected in the CLI. I am checking this using the command curl -vk http://<consul IP>/<endpoint URI> | jq .) and that auto discovery is not happening in GUI. As the pool members are not auto discovered and not attached to the pool, the pool is showing down and the users are getting impacted.
--> I have reinstalled the AS3 in our F5 and the issue remains the same. Currently the AS3 version we are running is 3.47
--> I am able to see the declaration in the GUI (https://<BIG-IP>/mgmt/shared/appsvcs/declare)
--> Service discovery is enabled in our F5. (https://<BIG-IP>/mgmt/shared/appsvcs/settings)
--> We have tried increasing the memory of the REST API interface by 1GB, but the issue still remains the same. We have increased the memory to 1GB for the below:
    list sys db provision.extramb
    list sys db provision.restjavad.extramb
    list sys db provision.tomcat.extramb
--> Currently our F5 LTM is running on version 16.1.5 and we have tried upgrading to version 17.1.2.1 to check if this issue can be resolved or not, but after upgrading, the complete AS3 services are down (the service discovery did not happen and because of that I see all the virtual servers are in down state).
--> We are having an Active-Standby setup; we have tried a failover but the issue still remains the same.
--> We have tried restarting the below:
    bigstart restart restjavad restnoded
    bigstart restart restjavad restnoded httpd tomcat
Could someone please help here to overcome this issue? This issue has been running for the past 30 days, and we don't have any solution from F5 TAC.
Regards, Bharath Kumar
122 Views, 0 likes, 5 Comments