ASM instance creation
HI Team , I have to create an WAF instance similar to the one which is already available . I need help on creating the ASM policy similar to the one which is already used by other VIP . So my ASM policy name is ASM_NETWORK_443 and I have to create an identical policy with name ASM_DRNETWORK_443 . Is there any option to clone the ASM policy or export and import the policy and rename the Policy name ? Kindly help me on this .27Views0likes1CommentError when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n
I am running a Playbook to test bigip_command using ansible [core 2.15.3] against LTM running 15.1.6.1. When I run the playbook I get the following message: UNREACHABLE! => { “changed”: false, “msg”: “Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p "echo $HOME/tmp"&& mkdir "echo $HOME/tmp/ansible-tmp-1709037153.0021555-3167181-73985055078518" && echo ansible-tmp-1709037153.0021555-3167181-73985055078518="echo $HOME/tmp/ansible-tmp-1709037153.0021555-3167181-73985055078518" ), exited with result 1”, “unreachable”: true } When I run the Playbook with -vvv flags I see the following line just before the error message pasted above: Failed to connect to the host via ssh: Syntax Error: unexpected argument “/bin/sh” Similarly, if I test the ssh I also see this same unexpected argument message: ansible all -m shell -a id -vvv Syntax Error: unexpected argument “/bin/sh”\n’ I have tried editing various things in hosts file and ansible.cfg but nothing I have tried seems to have made a difference. Is anyone familiar with this and what is needed to resolve this. Any help is greatly appreciated!93Views1like4CommentsEnabling AVR and creating Profiles
Hi All, I've recently provisioned the AVR module (nominal) with out too much trouble. However when I attempt to create a HTTP Analytics profile, I don't see all the my Virtual Servers. I don't see any Virtual Servers when I look at the Statistics->Analytics->HTTP. However I am able to access: Statistics->Analytics->Virtual Servers- Statistics->Analytics->Pools Not sure what I'm missing, that I'm unable to see all the relevant info. Appreciate all advice and suggestions. Thanks Deena16Views0likes1CommentF5 loadbalancer not working
Hi, I've created a basic pool with a single node configured with port 80 a virtual server also configured with port 80. The virtual server is enabled and the node in the pool is active. In the node we have a nginx running in a docker container, we've made a port-forward of this service to expose it. But when I try to cURL to the virtual server the response is: curl -v http://<vs-ip-addr> * Trying <vs-ip-addr>:80... * Connected to <vs-ip-addr>(<vs-ip-addr> port 80 (#0) > GET / HTTP/1.1 > Host: <vs-ip-addr> > User-Agent: curl/7.81.0 > Accept: */* > * Recv failure: Connection reset by peer * Closing connection 0 curl: (56) Recv failure: Connection reset by peer If I cURL to the node configured in the pool: curl -v http://<node-ip-addr> * Trying <node-ip-addr>:80... * Connected to <node-ip-addr> (<node-ip-addr>) port 80 > GET / HTTP/1.1 > Host: <node-ip-addr> > User-Agent: curl/8.4.0 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx/1.25.4 < Date: Fri, 19 Apr 2024 11:09:30 GMT < Content-Type: text/html < Content-Length: 615 < Last-Modified: Wed, 14 Feb 2024 16:03:00 GMT < Connection: keep-alive < ETag: "65cce434-267" < Accept-Ranges: bytes < <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> * Connection #0 to host <node-ip-addr> left intact17Views0likes1CommentOffice Online Server with SharePoint 2016
I am in the process of deploying Office Online Server (OOS) with SharePoint 2016. Had a ticket open with support where it was suggested that I look at https://www.f5.com/pdf/deployment-guides/microsoft-office-web-apps-dg.pdf as an option. I cannot install this iApp on my system as I am running 14.1.0.2 and it seems that AAM is no longer an option. Being that OOS alongside SharePoint should be a pretty standard deployment, is there some documentation that describes how to properly deploy the two solutions together with LTM?672Views0likes1Commenthealth monitor source IP address
Hi there, Has somebody ever tried to change the source IP address for the LTM health monitor? To work around a specific design in the network I do not want to use the egress interface local self IP address which is used by default. Regards, Danphil16Views0likes0CommentsDynamic CRL Check with Client SSL Profile - How to notify the user?
Hi, we have implemented dynamic CRL checking with client SSL profile in our test environment with BIG-IP 15.1. And it works. If a test user tries to establish a SSL session to a VIP with dynamic CRL checking enabled and the user's cert is revoked, the BIG-IP resets the connection. We are looking for a wayto direct the user's browser to an error page so that the user would be notified that the application can't be accessed because the cert is revoked. Obviously, SSL session is (or not) established before any traffic can be sent over HTTP. We can verify CRL check result with "SSL::verify_result" in an iRule (for example), but the session is reset before an HTTP redirect can be sent. We are aware that this can be done with LTM + APM, however for this use case the APM is not available. This was, for example, possible in the "old days" on Cisco ACE with: parameter-map type sslMap_Name authentication-failure redirect cert-revoked url URL_Address Any ideas & help on how to notify the user that the cert has been revoked greatly appreciated. Thanks!Solved51Views0likes2Comments