-
HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487) Attack Advisory
An emerging threat, the HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487), has been identified as a new application layer denial-of-service attack that brings a significant risk to network security. This vulnerability allows attackers to exploit the HTTP/2 protocol's design and any organizations running web, application,…
-
The Harmony Controller be installed above the RHEL 9
Can the Harmony Controller be installed above the RHEL 9?
-
Activating the NG-WAF generates the Log
I am enabling NG_WAF on my V-port, adding the command generates the following LOG: A10(config-slb vserver-vport)#ng-waf Warning: Can't find ng-waf log. Some errors may not be detected. It is understood that once this command is executed and traffic is generated to the Virtual Server, this should be reported in the NG-WAF…
-
A10 4430 beeping on boot
hi, A10 is returning error 9.9 and beeping Console dont appears booting, just beeping and 9.9 error
-
Replace Citrix with A10 how to convert the configuration.
Hi, I have 9 services running on IBM WebSphere. Three of these services are using Layer 7 (HTTPS), while the other seven use Layer 4. Currently, all services are behind a Citrix load balancer, but we plan to replace it with a pair of A10 ADCs. All services are on the same VLAN. We will create a virtual Ethernet (VE)…
-
How to inject Server Name Extension (SNI) on server-side based on HTTP Host by Aflex?
We are replacing the F5 load balancer. Could you please let me know how to implement this iRule using aflex or other methods? he client request SSL packet header does not contain SNI, and it needs to be extracted from the Host field of the HTTP packet header. F5 irules: when HTTP_REQUEST {set sni_value [getfield…
-
How to inject Server Name Extension (SNI) on server-side based on HTTP Host
We are replacing the F5 load balancer. Could you please let me know how to implement this iRule using aflex or other methods? he client request SSL packet header does not contain SNI, and it needs to be extracted from the Host field of the HTTP packet header. F5 irules: when HTTP_REQUEST { set sni_value [getfield…
-
A10 AX-1000 tried connecting console cable to configure but the process always like screen shoot
tried connecting console cable to configure but the process always like screen shoot attached The HDD and status always show orange status. HDD amber color is ON but with orange status. Always check memory when we connect the console to configure.
-
ADC virtual-server BGP RHI
Hi, I'm trying to do RHI with BGP. I configure BGP, with peer to a router, to redistribute flagged VIP. In the virtual server I do "redistribute vip". At the router I receive the route to the VIP. If the VIP is down I still reveive the route. I expected to do not receive the VIP route if the virtual-server is down. So my…
-
A10 WAF vs A10 Next-Gen WAF
May I ask some question? What is the different between A10 WAF vs A10 Next-Gen WAF? a cloud-based WAF? software-based WAF? hardware-based WAF? Could you please explain benefits of Next-Gen WAF?
-
Application Delivery Partitions (ADPs) and Next-Gen WAF
May I ask some questions? 1. Application Delivery Partitions (ADPs) The customer asked me. They create L3V partitions on the ADC. They found all physical network interface use for the L3V partitions. For example: One creates an L3V partition for Company A. Next one, creates an L3V partition for Company B. Company A L3V…
-
Using Passive FTP in vThunder
I, unfortunately, have an application that sits behind vThunder that uses passive FTP and am having trouble getting this to work. I can configure a single port and limit the application to a single port using passive ftp and the service works but I need to use all available ports in the passive FTP standards (49152-65534)…
-
Can't access GUI
I can access A10 CFW from CLI (admin/a10) but I can't access GUI (admin/a10) how can I do it for the GUI access? Interface Mangement IP address config finished. New create user account from CLI. New create user access web, access cli, access axapi (config from CLI) But I can't access GUI still now. Could you please help…
-
Can we test the ADC features on the A10 CFW?
The customer wants to test Web Application Firewall and load balancer feature on the A10 Thunder ADC. Currently, we do not have an A10 Thunder ADC physical appliance but do have an A10 Thunder 3350-E CFW. Can we test the ADC features on the A10 CFW? The customer specifically requests testing for the following ADC…
-
Configure VIP
Hi All, I have a model with Trunk, VLAN, LACP configured on 2 ports connecting to 2 Firewall servers and clients. However, from A10 I can ping the server and client. From the client I can ping the VE on A10, but cannot ping the VIP. Thanks
-
Can we control the A10 ADC license from Harmony Controller?
The following link is the GLM portal. Global License Manager (GLM) https://glm.a10networks.com/ Controller deployed offline (without access to GLM) can use Local License Manager (LLM) What is Local License Manger (LLM)? Can we control the A10 ADC license from Harmony Controller? Could you please help explain and confirm?
-
Harmony Controller license and FlexPool license are the same?
May I know the FlexPool license and Harmony Controller license are the same? Could you please explain and confirm?
-
A10 1030S - UPGRADE FAILED - Failed to expand the upgrade image
Hello, I'm trying to upgrade A10 1030S from 2.7.2 to 4.1.4 I've tried: ACOS_non_FTA_4_1_4-GR1-P14_42.64.upg ACOS_non_FTA_4_1_4-GR1-P12_57.64.upg ACOS_non_FTA_4_1_4-GR1-P4_47.64.upg with all files above returns the bellow error "Failed to expand the upgrade image" Getting upgrade package ... ..............0 minutes 14…
-
A10 3430 - UPGRADE FAILED - Incorrect software for the model
hello, I'm trying to upgrade ACO 4.1.4 GR1 P13 build 44 to ACO 4.1.4 GR1 P14 42_64 I have two versions: FTA and non_FTA but in all cases returns this error: ACOS(config)#$/outros/ACOS_non_FTA_4_1_4-GR1-P14_42.64.upgUser name []? Password []? Decrypt upgrade package ... ................. Done (0 minutes 18 seconds) Checking…
-
Deleting a ve interface on a vblade
HI All, I'm sure theres an easy way to do this and I'm totally missing it. I'm trying to shutdown a ve interface on a vblade, the interface on the vmaster has already been disabled, but I get the message "This device is currently a vBlade. Try using the virtual chassis floating IP address instead." I've logged into the…
-
Config Virtual Servers ADC
Hi Support team, We are having an issue about config Virtual Servers. We are running A10 device in One-arm mode. From the A10 device, we can ping to Real Servers and can ping to client host succesfully. But from host, we can not ping to VIP (192.168.40.33), we just can ping the interface VE's ip address (192.168.40.101). I…
-
NHLD
Hello everyone! I would like to ask you for help, since I need to configure a client/server VPN where the client is the request from the internet, reaching A10, where it balances 3 links (NHLD), then the client's request the A10 must send it to the Firewall (LAN) which is the VPN server. Thanks a lot for your help!
-
Static NAT
Hello! I would like to request your help, I have a thunder which is performing the nhld function with two ISPs and 3 published sites, internet browsing and published sites work correctly, but there is a nateo that is made from one of the ISPs to a Private IP address (LAN) this nateo is used for SSL VPN connection in a…
-
WAF URL Whitelist syntax
Hi All, I am trying to write an additional policy based on the default url whitelist in the WAF templates. However the whitelist keeps failing the check due to a syntax error, but I can not see where it is, and I can't find any documentation on the syntax for creating the files. What I have is the following: # This is a…
-
bridge-vlan-group question
Hi Gurus, I'm testing a configuration with bridge-vlan-group and got the following Warning in the log: Mar 25 2015 14:05:57 Warning [ACOS]:<TEST> Potential loop detected on Port 3 VLAN 709 Src MAC 001f.a011.58a2 Dst MAC ffff.ffff.ffff Mar 25 2015 14:05:57 Warning [ACOS]:<TEST> Potential loop detected on Port 3 VLAN 710 Src…
-
Mass sending of port allocation messages to a Syslog server
Hello, Maybe some of you have already faced this situation. On a box, the LSN and port distribution were configured for dynamic allocation with port-batch-v2, and the operation occurs as it should. However, the allocation/release log messages generated by the system are sequential, with a 2-second interval between…
-
Hosting and automating web content on A10 ADC
I'm looking to host a proxy PAC file internally. All changes to our PAC file are currently made via Git commits and then a member of our security team copies it over to a Web Server. This web server is very basic and does not support automation or the like. As such, we are looking at web hosting solutions that can be…
-
A10 physical to Vthunder migration
Hi All, We have A10 TH3430S in HA setup , we are planning to migrate to Vthunder. Current setup have multiple partitions(L3V) having more than 30 nos VLAN through trunk. Even some partition have more than 20 VLANs. While checking the Vthunder deplyment document I found that vmxnet3 interface does not support trunk and…
-
A10 AX3000 kubernetes loadbalancing
Hello! I have AX3000 loadbalancer and my desire is to use it as loadbalancer for my kubernetes cluster. I have three control planes nodes on kubernetes, with three different IP addresses, all of them are external addresses accessible from the internet. My AX3000 has external IP address too, and is accessible from the…
-
Fast Aging and Memory Usage
I recently upgraded a Thunder 1040 from 4.1.4 to 6.0.3. We use it for CGN. Afterwards we got a few complaints about VPN, SIP, and gaming losing connection. One complaint specifically mentioned the issue occurring every 15 minutes. Logs show "Fast aging is enabled, memory constraint is reached" about every 15 minutes. I…
-
Connectivity issue
Hello community, I have a connectivity issue about some users trying to get some social media pages, I have A10 thunder working as a CGNAT and I don´t have any rules filtering traffic. Waht could be the resason this users are unable to access to Tik Tok for instance? Thanks
