Device name under 'Device Management'
I'm looking for some information as to why there's device name shown as 'bigip1(self)' and also a hostname under 'Device Management > Devices', though the device hostname has been changed. Also, is there a way to change the device name from the CLI?685Views0likes5CommentsBIG-IP to Cisco via 10Gb SFP+ Direct Attach Copper
Hi, Anybody using Cisco DAC 10G transceiver/copper cables (TwinAx) to connect from a Cisco switch to a BIG-IP? Can't seem to find an answer, suspect it is not supported which is always an issue for DACs between vendors. Cheers1.3KViews0likes14CommentsSNAT pool and persistence
Hi all! I have a LTM-setup (10.0.1) with a SNAT Pool containing 5 ip addresses. So each connection uses the next SNAT address (round robin). But for persistent connections (source persistence), i'd like the LTM to use always the same SNAT address, and not to change it during the session. Otherwise some of my applications have problems with session management... Is there a way to configure the SNAT pool in a way that persistent connection always keep their SNAT address? Thanking you in anticipation, regards Marc634Views0likes12CommentsPool member connection
Hi All, we have 5 pool memebr . That pool attach to Virtual server.and Loadbalancing method is round Robin I am getting connection to multilple source. i want to identify particular source is hitting to Wich Pool member with current connection. HOW can i achieve this ? Thanks & Regards Ankush narang257Views0likes4CommentsLTM - IP Fowarder Performance issues (Stateless Router config)
Hi All, Wondering if anyone else has issues with using an IP Forwarder in the manner described in this article (Specifically - Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers): https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html. Here's the scenario.... VLAN attached behind the BIG-IP, which has the web servers on. MSSQL servers sat on a VLAN reachable through the BIG-IP. The connections all work, just if SQL traffic isn't routed through the BIG-IP, it works fine. Otherwise, behind the BIG-IP, there is severe delays. I'd suggest it be a good idea not to route this through the BIG-IP, but I wondered what the F5 communities' take on this would be. In short....Simple IP Forwarder (Stateless) for mssql traffic... Good or bad idea? Thanks, JD390Views1like4Commentssnat vs automap, whats the difference?
I'm trying to see the difference between the snat and automap for the Source Address Translation option. Currently I have traffic coming in to the F5 using automap. What though specifically does that mean? And why wouldn't I use SNAT? All the nodes, (servers in our lan), are not configured to have the F5 as its default gateway. I have a lot of virtual servers configured and I'm not sure how the self-ip plays a role in the nating or snating if at all. From what I understand (but could be wrong) an external client request is directed to the vip ip (since our firewall nats it there) and the destination IP is that of the vip. The F5 then translates the destination IP to that of the IP of the pool member. Then on the way back out the source is translated to the of the vip. But what about the selfip? Can someone please explain all this? Thanks!14KViews0likes8CommentsLazy Auth Sessions
I'm trying to use the SAML_AUTH modules in Access Policy to protect a webserver using shibboleth. That in and of itself is easy. I have an iRule that sends down headers to the server based on the assertions we got from SAML_AUTH: when ACCESS_ACL_ALLOWED { set user [ACCESS::session data get "session.saml.last.attr.friendlyName.user"] HTTP::header insert "user" $user } I even have a decision box in my APM that only lets in users who have specific SAML attribute values (like only SAML users who are in groups). Now I want to be able to have users get to everything except URIs that start with /admin without requiring auth. Then later if the user goes to /admin they are forced to log in. I've gotten close with this setup: APM Screenshot Where the URI_Switch does a branch decision based on whether the URI starts with /admin or not the SAML_Auth forces login redirects and decodes assertions into F5 session variables and the Group_Switch looks at the assertion and decides whether the user has the correct group memberships to see /admin All of this seems to work fairly well except the Access Policy only runs once per session. So if a user goes to a non-protected URL first, then goes to /admin the Access Policy is not invoked, so the SAML_Auth box is never hit. So my question is: how do I get the Access Policy to re-run when a user goes to a specific URL? I'm guessing here but maybe I could have an iRule that runs when HTTP_Request and if the URL is /admin AND the session.saml.last.attr.friendlyName.user is empty then somehow reset the session ID?262Views0likes1Comment