Microsoft 365 IP Steering python script
Hello! Hola! I have created a small and rudimentary script that generates a datagroup with MS 365 IPv4 and v6 addresses to be used by an iRule or policy. There are other scripts that solve this same issue but either they were: based on iRulesLX, which forces you to enable iRuleLX only for this, and made me run into issues when upgrading (memory table got filled with nonsense) based on the XML version of the list, which MS changed to a JSON file. This script is a super simple bash script that calls another super simple python file, and a couple of helper files. The biggest To Do are: Add a more secure approach to password usage. Right now, it is stored in a parameters file locked away with permissions. There should be a better way. Add support for URLs. You can find the contents here:https://github.com/teoiovine-novared/fetch-office365/tree/main I appreciate advice, (constructive) criticism and questions all the same! Thank you for your time.9Views0likes0CommentsCertificate server name issue--wildcard certificate
Hello all, I have one virtual server, and I have a policy behind it that redirects to multiple pools. The problem is that my customer requested a certificate for a few applications and requested it as wildcard.xyz.com. However, the application has two dns records as xyz.com and www.xyz.com. Of course, when I call the page as xyz.com, I get a certificate error (not a secure connection). Here, my policy record is as follows: if the host "xyz.com or www.xyz.com" is owned by the host, redirect the traffic to the xyz-pool. I wrote a redirect irule to overcome this. But it didn't work. The rule is like this: when HTTP_REQUEST { if {[HTTP::host] equals "xyz.com"} { HTTP::redirect "https://www.xyz.com[HTTP::uri]" } } anyone have any ideas or suggestion? Thank you in advance for your answers39Views0likes4CommentsHelp configuring NAT64 on a BIG-IP LTM
I have been trying to implement NAT64 in our network in order for IPv6 only clients can reach our IPv4 only servers. Ive create an IPv6 VIP and enabled the nat6to4 option and port and address translation are enabled. VIP: ipv6 Pool: IPv4 Snat: Auto map when i do #show sys connection cs-server-address 2a:66:x.x.x.xx client IPaddress VIP ip address floating ip address node 2a:45:33.xxx 2a:66:x.x.x.xx any6 any6 I able to see the client IPv6 address reaching to the VIP. But the F5 is not loadbalancing to the backend server How can i make this to work Any help would be greatly appreciated.56Views0likes3CommentsF5 XC WAF requirement is to allow traffic from specific source site on downstream and upstream side.
We want to allow traffic from CHE and MUM site only at downstream connectivity and also at upstream connection should be from same sites only. As over firewall we allowed traffic from F5 ASIA regions IP only. Downstream: As we have specific VIP IP, if we made same changes in VIP Advertisement does it pass only through MUM and CHE, as VIP belongs to ASIA region only. Upstream: We allowed traffic through Specific Virtual Site from INDIA only in Origin Server so it will help us to pass traffic through this site towards server.24Views0likes2CommentsSite stuck during provisioning ?
Hi All, yesterday I installed the site with secure mesh and after some time the site got stuck in provisioning state, when I run some commands to see the status of the site and it shows below mentioned output "status ver" : "The service is being restarted" "config-network" : "The site is in provisioning state" Moreover the ssh and https access to the site was also lost and "health" command is also not showing any IP address configured, rebooted the site and nothing works. When checked the main console it shows like the site is being upgraded. Waited for 2 to 3 hours no difference. Also checked the F5 Zendesk document but couldn't able to relate to my situation. Left the site overnight and in the morning just rebooted the site and it actually provisioned. I observed the similar behavior during the F5 lab when the site was upgraded. it took atleast 6 to 7 hours of to upgrade and then the after the manual reboot the site got working. I just wana know is it a default behavior or am I missed something ?30Views0likes3CommentsDelete external Data Group File List via automation
Hi All, Hope you are doing well, I stuck in one of the automation case. It nightmare since long time. Can help to advice is there any automation way to delete Data Group File List from File Management. We have many unused file under System ›› File Management : Data Group File List, wanted to add automate deleation via ansible or python. Please suggest best approach. for reference this is locations. Thanks23Views0likes1CommentSSL authentication bypass on XC cloud F5
We have managed engine agent-based application which run over https protocol, every agent has unique self-signed certificate. Normally when connection is got initiated at that time agent certificate is gets authenticate with SSL certificate and connection is successfully established but when we onboarded this on F5 WAF with SSL certificate it is giving 403 http error code, so as per analysis we are getting 403 error code dues to authentication failure. So, is there any possibility to bypass SSL authentication on F5 XC WAF?43Views0likes3Comments