secure connection failed
I have VS with port 443 https , pool 80 , client ssl and everything is working fine. i have changed the pool to 443 so the new configration is : VS port 44, pool 443, client ssl , server ssl ( i have used the built in ssl " serverssl_insecure_compatible", i faced secure connection failed .. i have changed the server ssl profile with the same certificate of client, but again the same issue. i have server bypass f5, i tried to access the backend server with ssl (https) and it is working fine, so what might be the issue and how to troubleshoot it ?2Views0likes0CommentsBIG-IP Monitors (unknown)/ Cookie
Dears, I have the pools attached to a VS by Irule. the VS and pools monitor status are unknown, the request is handle successfully. My question: why the monitor status of VS and all pools are unknown? is mandatory for making the monitor active and green, attach the pool in the default field of pool member in VS? Second question: If I show the pool name inside the cookie, how can I hide it?18Views0likes2CommentsHA Sync issue on Active-Active Cluster
One of the peer shows the error "Does not have the last synced configuration, and has changes pending" We tried syncing manually and the same error persists. As verified, NTP is in sync and there is no separate VLAN for HA. Jun 18 09:23:18 Peer A notice mcpd[7966]: 010718ed:5: DATASYNC: requested force sync by user: xxxxxxxx Jun 18 09:23:18 Peer A notice mcpd[7966]: 01b00004:5: There is an unfinished full sync already being sent for device group /Common/DG on connection 0xeba71348, delaying new sync until current one finishes. Jun 18 09:24:19 Peer B notice mcpd[9977]: 010718ed:5: DATASYNC: requested force sync by user: xxxxxxx Jun 18 09:24:20 Peer B notice mcpd[9977]: 01b00004:5: There is an unfinished full sync already being sent for device group /Common/DG on connection 0xeb6ee088, delaying new sync until current one finishes. err mcpd[9977]: 0107102b:3: Master Key decrypt failure - decrypt failure - final(not sure if this is related) Please suggest.43Views0likes3CommentsINFORM: Entrust CA will be untrusted in Chrome after Oct 31, 2024
If you manage certs from Entrust in your environment, this will impact your Google Chrome users, so intermediate certs will likely need to be bundled to handle this in your clientssl profiles OR if you control all the clients you can assure that explicit trust in the clients is enabled for Entrust CAs. Google details on the situation28Views0likes0CommentsUnknown Bots customization.
Dear Expert, I have been working in the Bot protection in the AWAF for a while in a customer environment, i am having an issue related to a customized Bot created for their Mobile APP, it has been classified as unknown Bot and this is normal coz it is custom created by the developers. I am searching for a workaround to only turn off the mitigation for this custom Bot and block any other unknown bots, this is not possible as i have found, please can you help if there is any workarounds out there. Regards, Muhannad28Views0likes1CommentSMTPS relay to external MS 365
Hello, My organization has a requirement where internal application servers that send SMTP emails need to relay that traffic and secure the emails going outbound to MS365 servers. I have not discovered any specifics on Myf5 or via web searches. Can anyone point me in the right direction or if a solution exists, please send me a link to said solution. Thank you, et20Views0likes1CommentF5 WAF risk assessment process
I got request to do f5 WAF risk assessment for my environment, do you have any suggestions how should i do Any documents/steps/url that I can follow to do the same. I don't have any vulnerability tool in my environment, so how should i go without that.76Views0likes5CommentsAPM parse HTTP Connector json to message box, iRule etc.
Hello all, I have configured per-session and per-request policies on my APM (APM+LTM) mode and in the process of authentication I want to get some data from external web server. Data is in JSON format. To do that I have created HTTP Connector, assigned it to my per-request policy via subroutine and i can see that the subsession variables are beeing populated correctly via the HTTP Connector (with option save data, i can parse it but the result is the same, just more variables - one per JSON field). In the Overview:Active Session i can see subsession with the following variable with my data: 879cb369./Common/HTTPConnector/XXXXXXXXXXX==.nvp_block.subsession.http_connector.body Now I wanted to get this data and use it in my authentication flow and iRule but it doesn't work. First I wanted to test it, by assiginig variable and showing a simple message box in PerReq-policy: And after that the massage box with: %{perflow.custom} - it doesnt work. Also tried to just show it in logs with iRule like in documentationltm rule command ACCESS perflow (f5.com) So i created an iRule agent in per-request-policy pointing to bellow iRule and attached iRule to my VS: when ACCESS_PER_REQUEST_AGENT_EVENT { set $body [ACCESS::perflow get subsession.http_connector.body] log local0. $body } But it doesnt show anything. I have few questions: Is it even possible to access variables in subsession that got retrieved via HTTPConnector and use it further? For example to build JWT for auth? Can I assign more than two custom variables from subsession? according to this guide i can only use perflow.custom and perflow.scratchpad?: Using Variable Assign to populate gating criteria,Using Variable Assign to populate gating criteria,Using Variable Assign to populate gating criteria (f5.com) Using Variable Assign to populate a perflow variable other than perflow.custom and perflow.scratchpad causes subroutine results to become unreliable. 3. Maybe there is an other option to achieve my goal?44Views0likes3Comments