Rewrite profile statistics in ltm
Hi, I have some rewrite profiles attatched to LTM virtual servers. I don´t know if they are being used and I would like to delete them if they are not being used. Is there a way to let me know if these profiles are being matched? Thank you very much.667Views0likes3CommentsF5 LTM with cisco ACI applied multi-site
Dears, if anyone used F5 LTM with Cisco ACI, I have just one question when the ACI makes Multi-site and the server replicated to the other datacenter with the same IP, how can I configure this in the LTM or if this require me to make any change on the F5 LTM9Views0likes0CommentsHA Active Directory for F5 authentication
I have two f5 Big-IP wit LTM module in HA. I have configured Admin authentication in BIG-IP through Remote Active Directory and It works properly. The challenge is I have several synchronized AD servers and I would like to achieve HA in Big-IP authentication. I have created a pool with my AD servers with a custom LDAP monitor and It seems that works because all members look up in the pool. I also created a virtual server that listen in port 389 and use the AD server pool as default pool. However, when I set the host value to virtual server IP in system-->users-->authentication, all authentication attempts fail. Is required an special configuration in virtual server to make it work?25Views0likes2CommentsNeed help with ICAP integration with F5 LTM
I have followed thisKB article and created a standard http virtual server with web server and an internal virtual server with icap pool. Both virtual servers and pools are healthy and available. However when the http virtual server IP is accessed, it resets the connection ("reset" is the service down action). I am not sure why it behaves as if the ICAP service is down when it is not down and the icap pool health checks are passing.Also, I can see in the local traffic module statistics that no traffic is reaching ICAP virtual server. Appreciate if someone can help to spot any issues with my setup or help me to understand how to troubleshoot connectivity to internal icap virtual server.32Views0likes2CommentsClient cert auth and TLS1.3
Good day. I have a SSL-site with enabled Client Cert Auth (Client cerificate request, frequency once). I'm trying to get access to this site with PKI-card via Mozilla and Chrome. When I enable TLS1.3 (option "no TLSv1.3" in client ssl-profile is disabled), I receive only a certificate request, but don't get a PIN prompt and then have an ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS error. : Connection error: ssl_hs_rx_tls13_cert:3672: alert(46) no certificate When I disable TLS1.3 (option no TLSv1.3 is enabled), I receive a certificate request, then enter PIN and after I have an access to web-site via TLS1.2. What should I do to have an TLS1.3 access to this site? Thank you.4.3KViews0likes5Commentsredirect not working
I have below scenario works without redirect if statement . when i add the if statement for uri redirect getting a reset. when HTTP_REQUEST { if { [HTTP::uri] starts_with "/" } { HTTP::redirect /testpage } #log local0. "Active members is [active_members pool1]" if { [active_members pool1] == 0 }{ if { ( ( [class match [IP::client_addr] eq "whitelist"] ) && ( [active_members pool2 ] > 0 ) ) } { pool pool2 } else { HTTP::respond 503 content [ifile get "applicationdown.html"] } } }83Views0likes11CommentsViprion files on blades.
Hello, I have a Viprion with 2 blades. When I am deleting ISO files on /shared/images they are coming back after a while. I am sure they arent used in any guest. I did the delete in CLI with a rm command. I saw this in the LTM logs on the VCMP host after the delete command. Dec 19 13:46:56 slot2/f5mechl2 notice vcmpd[13223]: 01510006:5: Adding BIGIP-13.1.1.2-0.0.4.iso to slot 1 map.563Views0likes4CommentsSSL protocol mismatch
Ok, I ended up way down a rabbit hole earlier this week. That whole line of thought seemed to be a red herring. BigIP LTM trying to load balance to MS Navision servers which don't use standard 80 or 443 ports. Instead, the client communicates on port 7246 using TLSv1.2. If I have my Virtual Server Type set to "Performance (Layer 4)" I can get a connection to the Navision servers without issue. However I want to get SSL Bridging set up because I think we can get better performance with SSL Bridging than just the SSL passthrough (which I believe is basically what the"Performance (Layer 4)" is). When I try to set the type to "standard" (without puting in a client or server ssl profile) the Navision client gives me a "could not create a connection to the server". I've imported our wildcard cert and if I set the Wildcard cert for the SSL Profile (Client) and set the SSL Profile (Server) to "serverssl" I then get a "can't connect because of a protocol mismatch". Checking tmm --clientciphers DEFAULT | grep "TLS1.2" returns a bunch of TLS1.2 protocols and the Wildcard profile is set to "Ciphers Default". Checking the LTM log, I just get kind of a generic error Oct 4 15:45:20 BigIP01.domain.com warning tmm1[3124]: 01260009:4: <client IP>:43130 -> <BigIP VS IP>:7246: Connection error: ssl_passthru:5935: alert(40) not SSL Now, according to wireshark, I'm seeing both TLS and non TLS traffic to port 7246 so I'm not sure if the above error is a "real" error or if the issue is because both kinds of traffic are going to the same port. Logging on my SSL certificate is set to "debug" for all events. I'm not sure where to go next. ltm profile client-ssl Wildcard23-24 { ciphers DEFAULT } ltm profile server-ssl serverssl { ciphers DEFAULT } pool Nav_Pool_7246 profiles { LC-http { } LC-oneconnect { } LC-tcp-lan { } Wildcard23-24 { context clientside } serverssl { context serverside } } serverssl-use-sni disabled source 0.0.0.0/0 source-address-translation { pool Nav type snat } translate-address enabled translate-port enabled vs-index 4 }Solved1.5KViews0likes13Comments