-
Upload SSL certs via axapi v3.0
I have tried using the file/ssl-cert AXAPI 3.0 endpoint to upload an SSL cert, and have so far been unable to with either curl or Ansible. curl -k -X POST -v \ https://a10.example./axapi/v3/file/ssl-cert \ -H "Authorization: A10 ${SIG}" \ -H 'content-type: application/json' \ -d '{ "ssl-cert": { "file": "example.com.crt",…
-
<server-name> redirected you too many times.
I want to make the configuration for the publication of 2 web services, I have made the same configuration for both services, with a server queries are performed normally but with the other I have the following error <server-name> redirected you too many times. This is the config, for both VIP (the name and IPs are…
-
How to inject Server Name Extension (SNI) on server-side based on HTTP Host by Aflex?
We are replacing the F5 load balancer. Could you please let me know how to implement this iRule using aflex or other methods? he client request SSL packet header does not contain SNI, and it needs to be extracted from the Host field of the HTTP packet header. F5 irules: when HTTP_REQUEST {set sni_value [getfield…
-
NHLD Publics IP
I want to perform an NHLD to be able to balance the Internet traffic of my internal users through three ISP links, but in the perimeter FW that is in front of the A10 there is the publication of their services. That is to say, there is a NAT which publishes its servers. What considerations should be taken to avoid moving…
-
GSLB
I am trying to implement a GSLB deployment with two data centers geographically located in different locations.\ How is the DNS configuration managed so that requests that reach the External DNS are taken to the A10 for resolution? Has anyone already done this type of deployment before? This is the topology I'm trying to…
-
Replace Citrix with A10 how to convert the configuration.
Hi, I have 9 services running on IBM WebSphere. Three of these services are using Layer 7 (HTTPS), while the other seven use Layer 4. Currently, all services are behind a Citrix load balancer, but we plan to replace it with a pair of A10 ADCs. All services are on the same VLAN. We will create a virtual Ethernet (VE)…
-
Activating the NG-WAF generates the Log
I am enabling NG_WAF on my V-port, adding the command generates the following LOG: A10(config-slb vserver-vport)#ng-waf Warning: Can't find ng-waf log. Some errors may not be detected. It is understood that once this command is executed and traffic is generated to the Virtual Server, this should be reported in the NG-WAF…
-
ADC virtual-server BGP RHI
Hi, I'm trying to do RHI with BGP. I configure BGP, with peer to a router, to redistribute flagged VIP. In the virtual server I do "redistribute vip". At the router I receive the route to the VIP. If the VIP is down I still reveive the route. I expected to do not receive the VIP route if the virtual-server is down. So my…
-
A10 WAF vs A10 Next-Gen WAF
May I ask some question? What is the different between A10 WAF vs A10 Next-Gen WAF? a cloud-based WAF? software-based WAF? hardware-based WAF? Could you please explain benefits of Next-Gen WAF?
-
Application Delivery Partitions (ADPs) and Next-Gen WAF
May I ask some questions? 1. Application Delivery Partitions (ADPs) The customer asked me. They create L3V partitions on the ADC. They found all physical network interface use for the L3V partitions. For example: One creates an L3V partition for Company A. Next one, creates an L3V partition for Company B. Company A L3V…
-
Using Passive FTP in vThunder
I, unfortunately, have an application that sits behind vThunder that uses passive FTP and am having trouble getting this to work. I can configure a single port and limit the application to a single port using passive ftp and the service works but I need to use all available ports in the passive FTP standards (49152-65534)…
-
Configure VIP
Hi All, I have a model with Trunk, VLAN, LACP configured on 2 ports connecting to 2 Firewall servers and clients. However, from A10 I can ping the server and client. From the client I can ping the VE on A10, but cannot ping the VIP. Thanks
-
Harmony Controller license and FlexPool license are the same?
May I know the FlexPool license and Harmony Controller license are the same? Could you please explain and confirm?
-
Deleting a ve interface on a vblade
HI All, I'm sure theres an easy way to do this and I'm totally missing it. I'm trying to shutdown a ve interface on a vblade, the interface on the vmaster has already been disabled, but I get the message "This device is currently a vBlade. Try using the virtual chassis floating IP address instead." I've logged into the…
-
Config Virtual Servers ADC
Hi Support team, We are having an issue about config Virtual Servers. We are running A10 device in One-arm mode. From the A10 device, we can ping to Real Servers and can ping to client host succesfully. But from host, we can not ping to VIP (192.168.40.33), we just can ping the interface VE's ip address (192.168.40.101). I…
-
NHLD
Hello everyone! I would like to ask you for help, since I need to configure a client/server VPN where the client is the request from the internet, reaching A10, where it balances 3 links (NHLD), then the client's request the A10 must send it to the Firewall (LAN) which is the VPN server. Thanks a lot for your help!
-
Static NAT
Hello! I would like to request your help, I have a thunder which is performing the nhld function with two ISPs and 3 published sites, internet browsing and published sites work correctly, but there is a nateo that is made from one of the ISPs to a Private IP address (LAN) this nateo is used for SSL VPN connection in a…
-
Hosting and automating web content on A10 ADC
I'm looking to host a proxy PAC file internally. All changes to our PAC file are currently made via Git commits and then a member of our security team copies it over to a Web Server. This web server is very basic and does not support automation or the like. As such, we are looking at web hosting solutions that can be…
-
A10 physical to Vthunder migration
Hi All, We have A10 TH3430S in HA setup , we are planning to migrate to Vthunder. Current setup have multiple partitions(L3V) having more than 30 nos VLAN through trunk. Even some partition have more than 20 VLANs. While checking the Vthunder deplyment document I found that vmxnet3 interface does not support trunk and…
-
vcs Multicast IP address
Hi, installed the A10 V6 software in the Vpshere. VCS issue: After new build on A10 6.0.3 P2 the default multicast IP address (VCS config) is 224.0.1.210 (on V5 its 224.0.0.210) . VCS multicast IP address is 224.0.1.210. and it cause HA issue the standy by box become Standby-vMaster[1/2](NOLICENSE)> So we add the multicast…
-
Network port flap
I have 2 A10 thunder device in active passive cluster mode. We have 2 partitioned each node. Today all 4 ports in both the nodes went down and up again, causing services to move from one node to another and back again with massive service outage. What could be the issue
-
Aflex inside another Aflex
Hi I wonder if it is possible to use an Aflex inside another Aflex, for example when HTTP_RESPONSE { if { [HTTP::status] == 404 } { Aflex "ERROR-404" } } is this possible? Regards
-
slb template persist cookie template as command Aflex
How can I call an slb template persist cookie template as command in an HTTP event For example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 192.168.1.10] } { pool example_server_group SLB slb template persist cookie "test" } }
-
Virtual Server UP/Down check via API
Hi all, I want to know is it possible to check if the slb virtual server is up or down via API ?
-
TCP default timeout on HTTP profile
Hello, I need help timeouts. We have a https virtual server, when i see its configuration "with-default" i see it has default tcp profile attached to it. As far as i know default tcp profile has idle timeout of 120secs. If i want to change this idle timeout to 300secs, how do I do it? Should i create a new TCP template…
-
Error HTTP
s.
-
Cookie Persistance
I have seen that some people prefer to use Aflex for cookie persistence, while others prefer to use an SLB template. Which do you think is the best?"
-
GSLB gateway failover
Hello I am trying to configure an A10 with 2 Internet Links to do response with a backup ip when gateway health check fails so I followed Multiple Gateway Links Configuration in the A10-GSLB.pdf but it´s not working This is an example of my configuration: gslb service-ip SIP-1 1.1.1.3 health-check HTTPS port 443 tcp…
-
Internet Access
Hello Does anyone know where I can request internet permission for the a10 network balancers and validate access?
-
session log is show reserve source and destination is ip 0.0.0.0 and client is not use web http
Hi, i check a box in log session is reserve source & destination is 0.0.0.0 and client says it cannot use web http quesion What could be the cause? Because when the client cannot use web http, the log session reserve source & destination will show the IP value 0.0.0.0.