-
HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487) Attack Advisory
An emerging threat, the HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487), has been identified as a new application layer denial-of-service attack that brings a significant risk to network security. This vulnerability allows attackers to exploit the HTTP/2 protocol's design and any organizations running web, application,…
-
Static NAT
Hello! I would like to request your help, I have a thunder which is performing the nhld function with two ISPs and 3 published sites, internet browsing and published sites work correctly, but there is a nateo that is made from one of the ISPs to a Private IP address (LAN) this nateo is used for SSL VPN connection in a…
-
How to configure a VPN client/server when the A10 is in the middle performing link balancing (NHLD)
Hello everyone! I would like to ask you for help, since I need to configure a client/server VPN where the client is the request from the internet, reaching A10, where it balances 3 links (NHLD), then the client's request the A10 must send it to the Firewall (LAN) which is the VPN server. Thanks a lot for your help!
-
WAF URL Whitelist syntax
Hi All, I am trying to write an additional policy based on the default url whitelist in the WAF templates. However the whitelist keeps failing the check due to a syntax error, but I can not see where it is, and I can't find any documentation on the syntax for creating the files. What I have is the following: # This is a…
-
bridge-vlan-group question
Hi Gurus, I'm testing a configuration with bridge-vlan-group and got the following Warning in the log: Mar 25 2015 14:05:57 Warning [ACOS]:<TEST> Potential loop detected on Port 3 VLAN 709 Src MAC 001f.a011.58a2 Dst MAC ffff.ffff.ffff Mar 25 2015 14:05:57 Warning [ACOS]:<TEST> Potential loop detected on Port 3 VLAN 710 Src…
-
Mass sending of port allocation messages to a Syslog server
Hello, Maybe some of you have already faced this situation. On a box, the LSN and port distribution were configured for dynamic allocation with port-batch-v2, and the operation occurs as it should. However, the allocation/release log messages generated by the system are sequential, with a 2-second interval between…
-
Hosting and automating web content on A10 ADC
I'm looking to host a proxy PAC file internally. All changes to our PAC file are currently made via Git commits and then a member of our security team copies it over to a Web Server. This web server is very basic and does not support automation or the like. As such, we are looking at web hosting solutions that can be…
-
A10 physical to Vthunder migration
Hi All, We have A10 TH3430S in HA setup , we are planning to migrate to Vthunder. Current setup have multiple partitions(L3V) having more than 30 nos VLAN through trunk. Even some partition have more than 20 VLANs. While checking the Vthunder deplyment document I found that vmxnet3 interface does not support trunk and…
-
A10 AX3000 kubernetes loadbalancing
Hello! I have AX3000 loadbalancer and my desire is to use it as loadbalancer for my kubernetes cluster. I have three control planes nodes on kubernetes, with three different IP addresses, all of them are external addresses accessible from the internet. My AX3000 has external IP address too, and is accessible from the…
-
Fast Aging and Memory Usage
I recently upgraded a Thunder 1040 from 4.1.4 to 6.0.3. We use it for CGN. Afterwards we got a few complaints about VPN, SIP, and gaming losing connection. One complaint specifically mentioned the issue occurring every 15 minutes. Logs show "Fast aging is enabled, memory constraint is reached" about every 15 minutes. I…
-
Connectivity issue
Hello community, I have a connectivity issue about some users trying to get some social media pages, I have A10 thunder working as a CGNAT and I don´t have any rules filtering traffic. Waht could be the resason this users are unable to access to Tik Tok for instance? Thanks
-
How to perform a case-insensitive match of the requested URL path.
Hello, How can I perform a case-insensitive match for the requested URL path? For example: when HTTP_REQUEST { if { [HTTP::path] equals "/NotificationServer" } { pool example_service-group } } And a case-sensitive example is: http://host/NotificationSERVER Regards
-
Disk Image Is Malformed
Has anyone faced this problem so far? Аfter I log in, after a while the TPS Detector shows me this error.
-
NTP sync in Harmony Controller
Hi community, How could I sync the NTP in the Harmony Controller with an A10 device?
-
Change mgmt ip in Harmony Controller
Howdy community, I have a cluster of A10 devices working with CGNAT, and also a Harmony Controller installed. I have changed the management ip in some A10 devices. My question is: how can I change the managements IPs in the Harmony Controller?
-
vcs Multicast IP address
Hi, installed the A10 V6 software in the Vpshere. VCS issue: After new build on A10 6.0.3 P2 the default multicast IP address (VCS config) is 224.0.1.210 (on V5 its 224.0.0.210) . VCS multicast IP address is 224.0.1.210. and it cause HA issue the standy by box become Standby-vMaster[1/2](NOLICENSE)> So we add the multicast…
-
Kafka service
Hi guys, Why does the Kafka service starts **** in the A10 Thunder device? I am using A10 Thunder as a CGNAT I had users unable to access social media pages, so we had to divert traffic to another device, Thanks
-
Factory reset hardware.
I am trying to factory reset my hardware. I will use the "system-reset" command, but will the license also disappear?
-
Clear DDoS Entries
Hi guys, I need to ask, if I clear the DDoS Entries in the A10 device, this is going to affect the production evironment? Thanks
-
Network port flap
I have 2 A10 thunder device in active passive cluster mode. We have 2 partitioned each node. Today all 4 ports in both the nodes went down and up again, causing services to move from one node to another and back again with massive service outage. What could be the issue
-
SCTP FW and RFC 5062
Hi all, A10 doc specifies about the SCTP FW, that “out-of-state packets and packets that fail packet anomaly checks per RFC 4960 are dropped.” But does anybody knows if it also remediates the vulnerabilities identified in RFC 5062 ? Thanks!
-
IP address in blacklist
Hi community, How could I clean up the ip addresses from the nat-pool which are in blacklists? I have issues with some users who can not open an specific url when they connect from FTTH home connection Is there a process I can follow up? Thanks
-
Aflex inside another Aflex
Hi I wonder if it is possible to use an Aflex inside another Aflex, for example when HTTP_RESPONSE { if { [HTTP::status] == 404 } { Aflex "ERROR-404" } } is this possible? Regards
-
slb template persist cookie template as command Aflex
How can I call an slb template persist cookie template as command in an HTTP event For example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 192.168.1.10] } { pool example_server_group SLB slb template persist cookie "test" } }
-
Virtual Server UP/Down check via API
Hi all, I want to know is it possible to check if the slb virtual server is up or down via API ?
-
TCP default timeout on HTTP profile
Hello, I need help timeouts. We have a https virtual server, when i see its configuration "with-default" i see it has default tcp profile attached to it. As far as i know default tcp profile has idle timeout of 120secs. If i want to change this idle timeout to 300secs, how do I do it? Should i create a new TCP template…
-
Reporting problem
Can someone help me with this problem? Failed to push zone Vlada_vremen_1 configuration on devices. Error: Failed to configure zone on detector group: Failed to configure Zone Vlada_vremen_1 on detector: Number of reports enabled is above limit, must configure "reporting-disabled".
-
aGalaxy DDoS Protection
I'm currently encountering an issue with Galaxy NetFlow where I'm unable to view the netflow data, despite having checked and confirmed that the configuration is correct. Could someone kindly assist me with troubleshooting this matter? Any help would be greatly appreciated. Thank you!
-
Limit ID
Hello guys, Please I need to know, while setting a limit ID >user-quota tcp 2000 reserve 10 this means that 2000 ports will be the limit fot the whole NAT-POOL? (/24 mask) or per end user. And how can I check the if the user-quota has been exceeded? Thansk a lot
-
Version/Upgrade/Backup
Hello everyone, I'm unsure how to access the most recent version of the solution; currently, I'm on version 5.0.6.94. Could someone please clarify which version is the latest? Additionally, I'd appreciate guidance on upgrading to the latest version and backing up data on aGalaxy DDoS protection. Thank you!
-
Error HTTP
s.