-
HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487) Attack Advisory
An emerging threat, the HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487), has been identified as a new application layer denial-of-service attack that brings a significant risk to network security. This vulnerability allows attackers to exploit the HTTP/2 protocol's design and any organizations running web, application,…
-
What HTTP header length limits are in force?
I am wondering what limitations are imposed on the length of a single HTTP header and what limitations are imposed on the aggregate length of all HTTP headers in a client request on an http port. We stumbled over a problem with some clients where the Authorization: header is in excess of 12 kbytes. The connection is reset…
-
Maintain session with ChatID object
Hello, I need to know if an aFlex can be created that maintains the session with the ChatID object, this object is the ID of the chats that clients have with executives, which close the session before the client ends the chat.
-
2 Active Link and 1 Backup Link
Hi All, I have three ISP links. I want to configure 2 active links and 1 backup link (active when 2 primary links are down). I can configure a10 for 2 ISP links but the backup link doesn't have any idea. Could you please share a sample configuration for my problem? Thank you.
-
[T&C] CGNAT Port Reservation (Port Forwarding) with Firewall using Thunder CGN/CFW
In this article we will see how you can implement CGNAT Static Port Reservation (also known as Port Forwarding) using A10 Thunder CGN/CFW. Deployment Scenario Here is the deployment scenario: We have two internal services that we want to make accessible to the outside world using Thunder CGN/CFW: SSH server running on…
-
vThunders setup Health check for 443
Hello, Just getting my feet wet with this as we have few sets of A10 vThunders on 4.1.4-GR1-P6 Build 90 and looking to setup a Health check so that if 443 is not responsive that A10 knows to pass traffic to the other server and not the one that is down on 443. I created a Health Monitor for port 443 HTTPS and have defaults…
-
Cisco ACI and Nexus Configuration Utilizing OSPF to ADC
Anyone out there connecting their Thunders to a Cisco ACI configuration using OSPF? We are running Thunder appliances in pairs using VRRP-A. We will be running anywhere from two to five partitions on each VRRP-A pair. The Shared partition will be there to facilitate L2 and system administration. We will be creating trunks…
-
Integrate SIEM external log
Hi everyone, Our customer are running A10 ADC and now they want to integate SIEM external log. Please guide us config to get that if A10 can do it Thank a lot!
-
Forward Proxy + SSL Termination
We're using an A10 vThunder as a forward proxy for users. So the users live on the "inside" of our environment, reaching out to the Internet. We use a wildcard VIP to route all of their traffic, with a policy to permit/block certain hostnames. Works great. There's also a requirement to terminate the SSL session for a…
-
Create Rewrite
Dear, I need your help to create an aFlex with a rewrite that does the following: sucusales.mydomain.com to chile.localisti.co Thanks a lot
-
Habilitacion TLS 1.3 Error
Hola Compañeros de A10, actualmente tengo un incidente de configuración, espero alguien me puede colaborar o halla pasado por la misma situación y su respectiva solucion. TLS 1.2 se puedo habilitar sin problema, al momento de habilitar TLS 1.3 me está dando el siguiente error: La versión actual de mi ACOS es la 5.2.1-p5
-
Exporting Server List
Hi All, We are running an A10 Thunder 3030. I am looking to audit the configuration to determine valid SLB configuration. Is there a way to export the list of VIPs and with the associated Servers? Thanks for any help and advice. Cheers Deena
-
login issue
Hello, I recently purchased used A10 6430 antiddos ,I plugged it in and powered it on, and used a console cable to login to it. after a moment it shows me "localhost login:" I tried (admin,reset,install,a10....etc) almost everything but to no avail anyone can help me with that ?
-
A10 Vthunder throttle traffic?
Hello, Just wondering if there is a setting in our a10 vthunder config that would throttle requests? We have 2 A10's running in a pair that have multiple VIPs. One of them goes to a site internally and we are receiving a request from our developers if they throttle requests at all? I am not sure if we have a setting to…
-
ACME SSL certificate rotation not updated on HTTPS port
I'm on ACOS 5.2.1-P6 using A10 ACME client to generate SSL cert/key pairs. No problem obtaining the files and applying these to templates. I then tested rotation using the "force" option. The new certificate was created and shows as "bound". However, the HTTPS port with associated client-ssl template is still using the old…
-
Upload SSL certs via axapi v3.0
I have tried using the file/ssl-cert AXAPI 3.0 endpoint to upload an SSL cert, and have so far been unable to with either curl or Ansible. curl -k -X POST -v \ https://a10.example./axapi/v3/file/ssl-cert \ -H "Authorization: A10 ${SIG}" \ -H 'content-type: application/json' \ -d '{ "ssl-cert": { "file": "example.com.crt",…
-
IP Source NAT Exhausted ??
Is this IP Source NAT pool exhausted ?? Can some help to resolve this if so ? Is that the only way to increase the pool ??
-
In the VRRP master backup synchronization group, the host cannot synchronize and configure to the st
We encountered a problem In the VRRP master backup synchronization group, the host cannot synchronize and configure to the standby running configuration. There is a synchronization configuration in the standby startup config. After executing the synchronization operation command on the host, the prompt is as follows…
-
GSLB ZONE AS A RECORD
Hello! I´m configuring GSLB with a challenge which is to answer the queries for example.com as A record. example.com -> x.x.x.x The thing is that when we configured GSLB we have to add the domain in the zone and then configure the services for example www.example.com Does someone know how can I do this?
-
Error with Partitions using ansible: 1023721472 Access Denied
Hi! We're moving to orchestrate our TH1040S using ansible. This started to work out very nicely! But now we're hitting an "Access Denied" when trying to handle partitions. Here are some details ACOS 4.1.4 a10.acos_axapi either 1.2.latest or 6.0.1 My user is in two partitions, but not the "shared" partition Here's an…
-
Disable TLS 1.0 and TLS 1.1
Dear, I need your help... I need to disable TLS 1.0 and TLS 1.1 from the SSL Template, I do it and do a scan and the deprecated TLS still appears.
-
The number of sessions shows the problem
When looking at the number of sessions, it appears: The number of printed-out sessions reaches the maximum, 10000, does not show the number of sessions, how to solve this problem?Thanks
-
Stop Processing of Subsequent aFleX Rules
Does anyone know if it's possible to have an aFleX rule that stops processing of subsequent aFleX rules that are attached to a virtual server? For instance, say I create an aFleX rule named "DontAllowIfBadIP" that has a conditional for detecting if the IP address should be allowed to connect. Then I have a second aFleX…
-
Certification study material - Application Delivery Control 4
Hi everyone, I would like to ask for help on where I can find study material for the certification Application Delivery Control? I'm studying with the manuals and I have access to the load balancer at work but many subjects I can't find anything in the manuals (HTTP Header rewriting, HTTP compression, Built-in DDoS…
-
Vthunder - Vmware failover vThunder to standby
Need to failover A10 to standby node so we can do some maintenance. I don't want to vmotion the vthunder VM's as it triggers a failover and we don't want our site access to go down. How can I do a failover in the GUI? seems like this should be fairly simple but when on active vmaster changing vrid blade parameter to a…
-
Url Redirect without url change
We are trying to write a script that redirects a user when they enter a url, but keeps the url the same. We have the url - https://bla.company.com When a user enters this url we want to redirect them to - https://otherserver/site but we want to keep the url as https://bla.company.com I can get this working so that it'll…
-
Simple URL Change
Posted by danguijun Good day Folks, I am looking for a way to change all requests that will arrive at Virtual Server 'VIP_Example' to add/ change the whole URL. I believe we could do the trick sing simple aFlex, but i need assistance on this field. There are two case studies for this change: For example: Case Study#1 - add…
-
URL redirection-rewrite using part of the URI
Hello, I been working on an aflex to do redirection of a web site. Here's what I' trying to achieve: Src host: mySRCsite.com Src path: /services/?app=test&annee=2022 Dst host: myDSTsite.com Dst path: /test/app1/USER=toi&LANGUE=FM&AN_ATTRB=2022 Redirection works, problem is that is hard coded at this time. What I want is…
-
HTTP Origin header not matching the base_url.
Wedsite owner getting below error related to revrse proxy header below is te aFLEX rule which we had added on on A10, do we required any addition rules to this work ?? X-Forward ?? ======================================== when HTTP_REQUEST { set URI [string tolower [HTTP::uri]] switch -glob $URI { default { HTTP::header…
-
TKC - ServiceGroup for non-HTTP
I'm attempting to build a VirtualServer, Ports, and ServiceGroups on an ADC using the TKC connector. Are non-HTTP ports supported? Also, if the k8s Service has more than 1 port, will it detect all and build it? At present its only picking up the Telemetry port of the container. Any examples of a ClusterIP service that is…
-
SSL Passthrough
Hi Friends, How to configure ssl passthrough on a10 vthunder? what are the configuration required to do