Reverse Proxy Not Behaving
I am working on addinglearninglocker andxapi routes to the f5 reverse proxy and things are not behaving as I would have expected. The routes to Moodle and Keycloak are working but Learninglocker and Xapi are not. Below is what I see when trying to connect to the dashboard. The initial /lrs-dashboard connection is made but the corresponding connections fail. Here is what I'm trying to do: Is what I'm trying to do with learninglocker and xapi even doable?20Views0likes1CommentF5 VE in Azure - troubles with Sentinel integration
Hi! I'm having F5 Act/Stb cluster - 2 VMs in Azure with 2 traffic interfaces only (external, internal). I use BIG-IP 16.1.3 build 0.0.12 I'm trying for the first time in my life integrate it with Sentinel and so far I fail to do it succesfully. When following this article:https://my.f5.com/manage/s/article/K85539421point by point: Install telemetry extension goes well. I have 1.32.0 build 2 version (downloaded today). curl check is succesful Create iRule - done Create a pool to handle telemetry traffic - ends up with down by monitor. (Manual suggests to use tcp monitor). I tried to support with hints from: https://community.f5.com/t5/technical-articles/deploying-big-ip-telemetry-streaming-with-azure-sentinel-as-its/ta-p/278738, where people suggest to add static route the via internal vlan: net route telemetry { description "Allows monitor to work" interface /Common/internal network 255.255.255.254/32 or changing port lockdown mode: "One more note: the self IP on the chose VLAN you're using for routing the 255.255.255.254 traffic needs to allow TCP 6514, either by setting the "port lockdown" to NONE or adding a custom port." I tried to finish the manual, so: Create a virtual server to listen for Telemetry traffic Create a request-log profile Attach the request logging profile to the virtual server And when it comes to deploy the declaration (which I do via curl with .json file, I get: Has anyone passed through some manual integrating F5 with Azure Sentinel succesfully? Or maybe I'm doing here some obvious mistake? Thanks in advance for your help988Views0likes2CommentsNeed advise to setup a policy on F5
We have a virtual server 172.16.0.180 configured with port 443 . The pool is Netforumuat_PL_443 which has 4 members 10.103.51.105 : 443 10.103.51.106: 443 10.103.51.107: 443 10.103.51.108 : 443 Requirement we need a policy to be setup in F5 which can provide access to below URLs and reject other . https://partnersuat.rotary.org/xwebBrazilWeb/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebbadge/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebacquia/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebclubrunner/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebcluxprs/secure/netforumxml.asmx Could someone assist herein. Thankyou23Views0likes2CommentsiRule help masking IBM host URL/URI
I have a customer who has a contract with IBM that is requiring that we hide the internal URL/URI paths. When users go to the following URL/URI: cpd-cp4ba-uat.apps.cp4bauat1.companya.com/icn/navigator/?desktop=psecm the same host redirects them to the login URL/URI page: cp-console-cp4ba-uat.apps.cp4bauat1.companya.com/oidc/login.jsp. HTTP 302, 301 and 200 occur are viewed when I run HTTP watch. What the contract is requiring is that clients should use a much simpler URL:https://psecm-uat1.companya.com while masking the two lengthy paths previously displayed. We created the vs_psecm-uat1.companya.com and the server pool, which contains the IP for host cp4bauat1.companya.com. All URLs are HTTPS, therefore, I have already created the HTTP Profile and SSL profile. In the past I was able to mask the destination with HTTP::header replace...etc.. In this situation it is not working with the replace. I am not sure if I should create an iRule to redirect(client side) and a rewrite for masking the HTTP Response header. ???? Help is greatly appreciated.15Views0likes0CommentsAdvise on setting up IRULE
getting error " HTTP_ Request event in rule requires an associated HTTP or FASTHTTP profile on virtual server My requirement When client request for URL https://netforum.rotaryintl.org/xwebevents it should hit the pool NF_PRD_XWEBEVENTS_443 AND When the client request for URL https://netforum.rotaryintl.org it should hit the pool Netforumprd_443_Pool Current SETUP VIP is configured with port set to 44346Views0likes5CommentsHelp with URL Masking
iRule Newbie here and hopefully I am explain myself correctly. Our DevOps team requested I create a new site automate.test.mycompany.com, which will be redirected to this ansible URL/URI in our private cloud https://controller.automate.mycompany.com/#/login. In addition, they do no want the users to view controller.automate.mycompany.com/#/login in their browser. virtual server: automate_https_vs virtual server IP: 10.12.12.12 <----this IP is mapped in DNS to automate.test.mycompany.com server pool name: automate_https_pool server pool member IP and FQDN: 10.68.68.68 and controller.automate.mycompany.com <-HOST IS IN THE PRIVATE CLOUD The VS and node are HTTPS; therefore, an HTTP profileand aclient SSL profile has been configured. Test performed: When I perform an HTTP Request via the F5 VS to https://automate.test.mycompany.com, I receive an HTTP Response 404 error from the pool member/cloud host 10.68.68.68. When I perform an HTTP Request directly to the cloud host by typing in the browser https://10.68.68.68 I also receive the same an HTTP Response 404 error. When I perform an HTTP Request directly to the host URL https://controller.automate.mycompany.com I receive an HTTP response with the correct URL/URI path: https://controller.automate.mycompany.com/#/login. Finally, I created a redirect iRule which redirects correctly, but I should not view https://controller.automate.mycompany.com/#/login when receiving the HTTP Response from the server. Since, the F5 is SSL bridging (encrypt/decrypt) the connection can we manipulate the HTTP response and change or rewrite the server side response? If so, I would appreciate your help. when HTTP_REQUEST { switch [string tolower [HTTP::host]] { automation.test.mycompany.com { HTTP::redirect "https://controller.automate.mycompany.com" } } } Thanks, Maria22Views0likes1CommentF5 on AWS Cloud
Hi Team, We have a requirement coming up where few applications need load balancing on AWS cloud and customer want to explore the F5 load balancing options. I checked AWS marketplace and there are multiple options for Pay-as-you-go (PAYG) scheme. I have few doubts: Out of multiple options available as per throughput in AWS (25Mbps/200Mbps/1Gbps/5Mbps), how can we propose the best option. Based on the number of expected client session to the application, can we identify the correct Virtual Edition? Is there any document available that mentions the VE Image based on throughput and the number of connections it can handle? Is there any option that we can re-use the existing license from the hardware device running on-premise? Thanks in advance Vijay4Views0likes0Commentscreate multiple VIPs on F5 using AS3 JSON File and Dynamic Variables
I want to create multiple VIPs using a single piece of code - example dynamic variables in TFVARS. resources like application name , VIP Name, VIP IP Address, Irule, Profile, Backend Pool should be taken as input in the Tfvars file. Does anyone have a sample code for the same- I am using the following .tf file- ================ # Terraform code for AS3 resource "bigip_as3" "as3-f5-VIPS" { as3_json = file("as3.json") }11Views0likes1CommentDeploying F5 WAF in front of Azure Web App Services
Does anyone know of a supported architecture for deploying an Azure F5 WAF in front of Azure Web App Services to handle the SSL and ASM services against traffic destined for an Azure Web App Service (App Service not just an app server running in Azure).27Views0likes2Comments