Community Activity
GTM Three Load Balancing Method
Hello,Currently, the following Three-Tier LB has been setup:Preferred: Global AvailabilityAlternate: NoneFallback: Drop PacketAnd two pools ae configured in the Member Order: 0 - Pool A1 - Pool BReferring to the following document, is the sentence ma...
Is there a way to trace connections?
Is there a tool within the Big-IP that allows you to trace inbound connection to see which virtual server its being processed by?
Interrogate Pool Member Priority Group from iRule
Hi,Is it possible to programatically identifiy the priority group of a pool member from within an iRule? I'd like to be able to combine that information with the results of active_members to be able to present a status of which group(s) are currently...
Downloading VE for VmWare
Hi Folks, we are in a process of deploying F5s in a VmWare environment. We will have them only licensed for LTM. My question is what .ova file am I downloading here? BIGIP-17.1.0.3-0.0.4.ALL-vmware.ovaORBIGIP-17.1.0.3-0.0.4.LTM-vmware.ovaThere could ...
Route 95% of traffic to 1 pool and 5% of traffic to another pool.
I'm looking at the best way to route 95% of our traffic to one pool and the remaining 5% to a different pool. Has anyone successfully done this before?
Understanding Man-in-the-Middle (MitM) Attacks and How to Defend Against Them
Understanding the Man-in-the-Middle Attack The Man-in-the-Middle (MitM) attack is a fundamental network session hijacking technique. This attack can block, alter, or intercept network traffic. For example, an attacker using MitM might discreetly cap...
Deploy BIG-IP ASM for API Application
DearsMy Manager informed me that we need to configure BIG-IP LTM and ASM for API application, what is the API application for F5? Is this different in implementation from normal web application or it is the same?Can you support me with guide or imple...
Reminder: MFA now required to log in to DevCentral
Hey everyone, We are now requiring multi-factor authentication (MFA) to log in to all DevCentral accounts in order to better ensure secure interactions on DevCentral. Please read our INITIAL ANNOUNCEMENT HERE. Logging in to F5 accounts – including D...
How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product
Hello, My name is Muntae Kim. BIG-IP version:- BIG-IP 16.1.3.1- DDoS Hybrid Defender 16.1.0-9.0.20Currently, the traffic passing through the F5 DDoS product is communicating using TLS 1.0 version, which is unfavorable for security audits.[centos@ip-1...
How to use ‘PURGE’ and ‘PURGE_URL’ Method in F5 DoS products
Hello, My name is Muntae Kim.How to allow ‘PURGE’ and ‘PURGE_URL’ Method in F5 DDoS productBIG-IP version:- BIG-IP 16.1.3.1- DDoS Hybrid Defender 16.1.0-9.0.20When the server in the section passing through the F5 DDoS product executes the following c...
Upgrade to 15.1.10
Hi,I want to upgrade my BIG-IP to 15.1.10.In previous version upgrade, there is option for Install Configuration (Yes/No) and I can select Source Volume. However, in 15.1.10, I cannot select Source Volume after I select Install Configuation to Yes. ...
Schedule automatic UCS F5 backup
Hi,I want to auto schedule F5 UCS backup. Please share the steps to configure scheduled auto backup in F5.
AI Safety: Navigating Deception, Emergent Goals, and Power-seeking Behaviors
Introduction This serves as a companion to the article I previously wrote on security of generative AI. In the previous article, I wrote about security however in this article I wanted to focus on safety of Artificial Intelligence. While safe...
Resolved! In an active/standby setup of ASM, with sync only device group, do signature updates sync up?
Hi;In an active/standby setup of ASM or AWAF, let's say we added the sync-only device group to synchronise any automatic policy changes. Would updating the attack signatures on the active device propagate that to the stand-by one or do I need to do t...
F5 SMTP Fast Template - SNAT Not working as expected
Hello all,I'm having issues with getting SMTP to work with the FAST templates. Specifically, I'm trying to configure an SMTP template with no SNAT option checked so the backend pool members received the original clients IP address, but while running ...
Resolved! NGINX Load balancing feature
Dears,I have just one simple question, what is the difference between the Passive health check in NGINX open source and the active health check that NGINX Plus offer,
Telemetry Streaming - Re-starting restnoded
Hello Everyone,I have a dilemma ever since I set up telemetry streaming. I noticed that the restnoded daemon is restarting (some days are more frequent than others) but I can't get my hand into the root cause of it and how to solve it.I have been kee...
Resolved! How long does it take for the automatic policy builder to build an AWAF or ASM policy? busy site
Hi;How long "as an estimate" does it take for the automatic policy builder to build an AWAF or ASM policy? I mean to a point where it tightens entities and signatures. The site is public and busy and I want to use comprehensive/slow policy building. ...
Resolved! Is the update and application of new AWAF attack signatures "Service Affecting"?
Hi;Is the update and application of new AWAF or ASM attack signatures "Service Affecting"? Also does applying the new attack signatures entail a reboot of the device?KindlyWasfi
Monitoring the statistics of LTM policy rules
HiI'm trying to monitoring the LTM policy rule invokation via SNMP but I failed.I have looked into http://oid-info.com/ and I have found the OID named ltmFwPolicyRuleStat but I failed to find the LTM Policies of my F5 BIG IP device in the output o...
Missing Certificate after redirect
We have a requirement for any calls coming into https://abc.com to be redirected to Azure APIM https://apim-xyz.com/apiA simple following rule has been setup in F5 for calls coming into https://abc.comwhen HTTP_REQUEST { HTTP::respond 307 Loca...
Resolved! Cipher suite mismatch advertisement/warning
Hi, this issue is linked to:https://community.f5.com/t5/technical-forum/cipher-suites-supported-12-1-5-3/m-p/321291#M271493 Finally we have decided to leave only ECDHE ciphers.As I said, maybe it is too restrictive and non-technical users who try to ...
Resolved! iRule to log traffic details
Hi,I want to log below information to syslog via iRuleRequest headers including e.g. tap-*, X-* (e.g. X-Forwarded-For & X-Forwarded-Port )src IPsrc Portrequest urlreferral urlmethodresponsesessionidx_uri (assume included from F5)timestamp (ms granula...
How to search the latest security academic papers
Introduction While following the state-of-the-art of security-related technologies and gathering information is a daily job for engineers, we engineers often take a practical approach to gathering information. For example, when I gather security-rel...
Curse the Rusty OSS supply chain - September 10th to 16th, 2023 - F5 SIRT - This Week in Security
This Week in Security September 10th to 16th, 2023 Aaron here as your editor this week for a round-up of interesting or notable security news from the last week that caught my eye; keeping up to date with new technologies, techniques and informati...
Certificate as second factor for ActiveSync
Hi,we have a F5 in front of an Exchange 2016 Cluster, which does the LB (configured via iApp / the https-combined-pool-selection-irule). There is no APM in use. Since ActiveSync is one of the last "open" services that has no second factor for authent...
Resolved! Firewall behind APM will be migrated
DearsWe will migrate Firewall behind APM to different vendor, Is this will impact anything on APM device? or we will need to change something in APM.What's the recommended action from APM administrator through this firewall migration to avoid any int...
Looking for help for creating Dynamic content value in ASM
Hi TeamI am currently detected violation for following parameter for example. i am still try to creating dynamic content vlaue in WAF but it doesn't work. can you please give suggestion or any example for creating DCVctl00_ContentPlaceHoldserContent_...
F5 Re-write (Reverse Proxy)
Hello,I have a requirement to pretty much accomplish the followingUsers need to access http://abc.com, but they should see a webpage from https://server01.com/data.aspx without their browser's URL changing.This is non internet facing and is interal o...
Implementing F5 DNS and Creating Custom CNAME Redirects
We are currently implementing a solution in Azure and have encountered some DNS-related issues. I think it's a good idea to implement F5 DNS. However, I wonder if we can create an iRule to set up a CNAME for a specific domain. In other words, if a do...
