Any iRules that acts as Virtual Server for By-Pass Cert
F5 APM with SWG module, so this F5 acts as Proxy and Intercept Cert. I have a problem about intercept certificate some website cannot use it, then I solved that problem by create the new virtual machine and fixed the destination of each website's IP. (nslookup) But I think it's not a good solution, because If some website occurs like this problem more, I have to add more virtual server. So I try to use iRules to by-pass the destination by using iRules. when CLIENT_ACCEPTED { if { [ IP::Addr [IP::local_addr] equals "xxx.xxx.xxx.xxx" ] } { SSL::disable } } But it's did not work, please could you suggest me for the iRules command.
SWG: Web Filter database download issue
Hi all, I'm trying to download the SWG database, i didn't receive any output for more than hour and when i reviewed the logs i found the below error, any suggestions? Error Jan 27 17:57:37 SWG err urldbmgrd[23977]: 01770002:3: 00000000: Download of Master DB failed, will retry. Jan 27 17:57:42 SWG notice urldbmgrd[23977]: 01770004:5: 00000000: Downloading latest database... Jan 27 17:57:42 SWG err urldbmgrd[23977]: 01770072:3: 00000000: Download failed with return code 4 Jan 27 17:57:42 SWG err urldbmgrd[23977]: 01770026:3: 00000000: Master db download failed with return code 4 Jan 27 17:57:42 SWG err urldbmgrd[23977]: 01770002:3: 00000000: Download of Master DB failed, will retry. Jan 27 17:57:47 SWG notice urldbmgrd[23977]: 01770004:5: 00000000: Downloading latest database... Jan 27 17:57:47 SWG err urldbmgrd[23977]: 01770072:3: 00000000: Download failed with return code 4 Jan 27 17:57:47 SWG err urldbmgrd[23977]: 01770026:3: 00000000: Master db download failed with return code 4 Jan 27 17:57:47 SWG err urldbmgrd[23977]: 01770002:3: 00000000: Download of Master DB failed, will retry.Is WMI or WINRM supported for APM/SWG to do seamless ip address to user id resolution?
Hello to All, Because I work also with Palo Alto and domain logged computers they use the WMI or the WINRM protocol to do seamless ip to username mapping by probing client systems and monitoring Microsoft Exchange servers and domain controllers for user mapping information, I will ask if is this suppprted for SWG or APM as I couldn't find any documentation? I think maybe it is not and something like NTLM or Kerberos will be needed for computers already logged into the domain but I will still ask if someone knows anything about this. Also for the SWG F5 DC Agent it seems to use Netbios not WMI to check the Microsoft AD server for ip mapping to user id resolution? https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-13-0-0/12.html
APM + SWG: File extension Policy ???
Hello community, We have a situation with a customer and a partner, where they were deploying APM + SWG as a forward proxy for navigation control and walk into a problem. The policies based in URL categories are working just fine, but then the customer asked for a policy based in file extensions. They asked for: "Any file extension including the following must be blocked: .exe, .JS, .JAR, .VBS .VB, .SFX, .BAT and .DLL Files." To our surprise, we haven't find anything related to this type of approach. ASM can be configured to block file extensions uploaded to a server, but regarding APM or SWG there's nothing around in the documentation. Please, I need to confirm if this functionality is not a achievable with APM+SWG or in the contrary is available but in another module, like ASM. Thanks beforehand, and in the case the answer is "iRule" I'm afraid will not be enough.
Allow downloads but not uploads from Online Storage (Google Drive)
We currently use a BIG-IP 7250 as a forward web proxy. I've had a request from high up the management chain to allow downloads a specific 3rd Parties Google Drive space, but not allow uploads. We block the "Personal Network Storage and Backup" URL Category in our standard policy. Is there a feature on the device which would allow this fine grained level of control out of the box, or would we be looking at putting in a custom iRule for this? Traffic intelligence looked promising, but I couldn't find exactly what I was looking for. Many thanks
Working with the limitations of APM/SWG perflow.custom
Hi, I am after advise for the best way to work with the single perflow.custom variable when i need to set multiple flags/data to later use in vpe decisions boxes. my two initial thoughts where to either use arrays or to work the variable as binary and set bits like flags. But both of these seem clunky to me and vpe code would look very messy and confusing. So does any one have a good approach to this problem? cheersCopy a branch of Per-request Policy
hi all! is there a way to copy a branch in a per request policy then paste it to another branch? i think that this can be done if the branch is already configured as a macro but in our scenario, all branches are configured manually. is there a way to do this or the only way is to configure it manually? Thank you.CAN F5 LTM BE USED TO SECURELY PUBLISH WEB APPLICATIONS?
Can the F5 LTM be used to securely publish web applications in a DC,(TMG REPLACEMENT) in case where an organization is moving towards discontinuing TMG? I know SWG is the best replacement for TMG,but,how can it be done if the only license is LTM? Thanks
