Best Of

Re: Upload SSL certs via axapi v3.0

@filessl.json contains something like this:

{ "ssl-cert": { "certificate-type": "pem", "file": "cert1", "file-handle": "lab1.pem", "action": "import" }}

Or you can just add the JSON directly as long as the quotes are properly escaped.

@filessl_key.json contains something like this:

{ "ssl-key": { "file": "cert1-key", "file-handle": "lab1-key.pem", "action": "import" }}

'file' will be the name on the Thunder node, 'file-handle' is the name of the local file defined in the second part of the call.

john_allen

1

Re: <server-name> redirected you too many times.

Can you share which service is getting too many redirects?

Are there any redirects configured on the backend server?

Can you share any trace or Browser logs to see what redirects are sent?

boteye

1

Re: A10 4430 beeping on boot

That is a hardware component issue, and you will have to call A10 Support to troubleshoot and possibly get a replacement Th4430. A10 Support is at: 888-822-7210

john_allen

1

Re: GSLB

The most common approach I see is using the sub-domain delegation and CNAME records as depicted in the PDF provided. This is also known as "server mode".

There is also "proxy mode" where the A10 VIP sits in front of the backend DNS servers to provide load balancing functions as well as DNS Security for the real servers.

Additional details are also available within the GSLB guide on the Support Portal.

mdunn

1

Re: GSLB

gslb.pdf

take a look at the attached example

dquinn

1

Re: The Harmony Controller be installed above the RHEL 9

Harmony Controller is supported on CentOS 7.9 and RHEL 7.9. A10's new Central Management solution, A10 Control, offers a streamlined deployment and more recent RHEL version.

mdunn

1

Re: ADC virtual-server BGP RHI

Also

show ip route database works on newer versions of ACOS

4.1.0-P9 is very old and no longer supported. Eond of support was 12/21

dquinn

1

Re: ADC virtual-server BGP RHI

Hello

You can use ""show ip bgp" as you have above or "sh ip bgp neighbors x.x.x.x advertised-routes"

VIPs will not show up under "show ip route"

dquinn

1

Re: A10 WAF vs A10 Next-Gen WAF

A10 NGWAF is a completely new detection / processing / enforcement engine compared to legacy WAF. The engine still runs locally on the ADC and is applied per vPort. NGWAF runs on either physical or virtual A10 appliances and requires a separate license to activate.

NGWAF brings a wealth of benefits including ease of deployment, simplified configuration, and near-zero false positive rate. Full details on the NGWAF are available on the A10 networks website here. Be sure to check out the Solution Brief: https://www.a10networks.com/products/a10-next-gen-waf/

mdunn

1

Re: ADC virtual-server BGP RHI

To withdraw the route when the VIP is DOWN, we also need to add one of these commands depending on your use-case:

disable-when-all-ports-down
or
disable-when-any-port-down

To view the routes, "show ip route" should show the entire route table, and "show ip route bgp" should show any routes learned from BGP, but you can also try:

show ip bgp

show ip route database

show ip fib

mdunn

1