Help with Local Traffic Policy with streaming app. and basic understanding.
This is a homelab to have a better understanding of F5 BIG-IP and appercaite any help. For testing purpose I have setup a PLEX server for streaming service and will be setting up a Horizon View UAGs. I only have one public IP address and thanks to others I have setup a external VIP using a local traffic policy. I am running into couple issues with the policy. I have been doing a lot of reading but still missing something.I created a local traffic policy that matches "HTTP Host to abc.domain.com" that points to a virtual server for PLEX. If the VS is set to use the policy PLEX works via the web interface and the macOS apps works however using PLEX iOS/iPadOS app fails. It does not connect back. I have changed "forward traffic to pool and node" and still same problem. If I change the resourse setting to use "default pool" to the PLEX pool and remove the policy. The app works. I have done a tcpdump on F5 as well proxy capture of an iOS device and cipher suite are correct. I have looked at the ltm log but not seeing any errors. I have made multiple changes with SSL Profile on client/server but no luck. Any suggestions what would cause the app not to work using policy but works when default pool is set? What other troubleshooting should I look at?Solved1.6KViews0likes5CommentsLooking for Setup Advice
Hello, I am looking for some advise for setting up a F5 Big-IP that can accomplish the following things. I only have one public IP address but will be hosting muliple services. I am looking at setting up one VIP that's open to public with ports that are required then when hitting FQDN that it redirects to VIP that is hosting service. Example mysite1.domain.com goes to VIP 10.10.10.100, mysite2.domain.com goes to VIP 10.10.10.110, so on. Is this done by iRule, reverse proxy, or policy. What's the best pratice for setting something up like this. Thanks in advance for the help.Solved1.5KViews0likes8CommentsDo I need a self-ip in the same subnet as my virtual servers, or a VLAN ID?
Hi all. So my external self IP is in the 10.251.12.0/24 subnet and my virtual servers are in the 10.251.10.0/24 subnet. However, I can't ping any of my vIPs from the F5 itself or outside of that network. I noticed that if I put the vIP in the 10.251.12.0/24 subnet I can ping it from the F5 as well as outside of the network. It's like my F5 doesn't want to advertise my virtual servers. Am I missing configuration here? I do not have a VLAN defined for the virtual servers, nor do I have a self-IP in that range. Should I?1.3KViews0likes6CommentsF5 Not Functioning With Pulse Secure
Hi All, We have a new set-up of an F5 with two VIPS - one performance layer 4 for https (SSL authentication to the pulse secure appliance), ad another standard VIP on UDP/4500 (for IPSec data traffic). Both Profiles have a source affinity persistence profile mapped to them which has option "Match Across Virtual Server" checked. This is to allow Both VIPS to act as one for Data Traffic. The F5 has also two Gateways configured as self IP's and their respective floating IP's - this is so the pulse uses the F5 as its gateway for internal and external traffic. The routing on the F5 points internal traffic to a default route to a switch in the DMZ which knows the route to the data center - and was being used to route traffic in the old set-up too. What we found with the new set-up was that traffic going to the external port worked fine, but traffic to the internal port on the pulse (routed via the F5 internal gateway) was not working at all. This interface should use its own IP address and initiate a request to Authentication servers, but did look like it was - resulting in users not being able to log into their pule clients (as authentication was failing). In the old set-up the gateways were on two separate switches, and this worked even after we reverted back - we saw users able to connect and log into pulse - where as in the new set-up they couldn't go past the prompt. We believe the issue is only with internal traffic, as external traffic looks fine. We also believe it could be the F5 potentially stopping the traffic from passing but not sure why. Could the profile be changing something in the packet header? Could both VIPs also need to be standard VIPS for this to work ? Has anyone come across an issue like this before ? Best Regards, Sabeel1KViews0likes1CommentCan you stop RST from being sent by VIP
I work for a large regional public transportation company. We are in the beginning process of rolling out phones with a VoIP over the top application on them. This will eliminate the need for radios (radio transmittion towers are now very expensive). I have determined that, for whatever reason, these phones send a DNS request on TCP port 853 and with that the VIP sends an RST to the requesting phone. That in turn resets the connection, the VoIP app beeps, disconnects for 30 sends, and then reconnects. I have both the phone and app vendor looking at this but thought I would see what it would take to mask this problem from the F5 side. I do realize that all DNS traffic currently hits this VIP, so at this time I am only exploring my options. John791Views0likes8Commentspool members can't connect to another Virtual Server
Hello, for sure this is a problem already addressed but I have an issue with a client that is part of a pool behind a Vip. If from this client I attempt a connection to another Vip I get no response while the connection works in case I make the connection to my Vip. My client route to the Vip network is the F5 interface. Is there something wrong? I am attaching a diagram that is maybe better than a thousand words....Solved735Views0likes3CommentsF5 SDK Python - Assign HTTP Profile to VIP
Hi, can someone draw me an example how can I assign HTTP profile to existing VIP? I am seeing that ipProtocol key is tight to tcp profile but I do not see any key that has http profile assigned when queering VIP configuration. I am little bit lost here.671Views0likes3CommentsCan an F5 VIP and Pool have a container member?
I have a container running on a Server with port 80 (TCP) exposed. The container is up and running when you test it on the serverIP and container port for example 172.27.27.2:80. I would now like to point an F5 VIP at a pool containing the member 172.27.27.2:80. I don't want to set up anything fancy using the F5 K8s setup but configure the setup through the F5 as it is were a basic IIS site or windows service. I cannot think of one but is there a reason this is not possible ? & is there a specific health monitor that should be used? at the moment the F5 keeps marking the member as offline.623Views0likes3CommentsDNS automation when deploying a VIP?
Hi! First of all, this community is awesome... :) Anyway, I was asked the other day if its possible to have an DNS-automation when creating a VIP? I've been searching for this, but i cannot find the info I need, either that or i need to up my searching-skills. In this scenario they have a windows DNS (ughn..) Cheers!520Views0likes9Comments