-
Harmony Controller
hi. How can I configure the A10 Harmony Controller from CLI or Web, have its IP address to connect it to the Internet
-
A10 Thunder
Hello! Where can I find CIS level documents for A10 Thunder 1040 or similar to do the hardening.
-
GSLB Site
Hi When the GSLB Gateway site fails, do the SIPs related to this site go down in the gslb zone?
-
GSLB Gateway transparent Health monitor validation
Hello How can I configure the A10 to validate the GSLB gateway using a Health check with transparent to 8.8.8.8? for example, like we do in slb server because by default GSLB gateway validation is an ICMP to the gateway IP but if the gateway is UP but does not have access to the Internet the A10 will not know so it will…
-
502 Bad Request
Hello, I need your help. I have a subdomain which is throwing 502 bad request and is published on the internet, to get out of the problem quickly, I migrated its VIP to the old netscaler balancer and it started working without problems. Could you help me see what is happening? I have taken traffic captures and they do not…
-
GSLB gateway failover
Hello I am trying to configure an A10 with 2 Internet Links to do response with a backup ip when gateway health check fails so I followed Multiple Gateway Links Configuration in the A10-GSLB.pdf but it´s not working This is an example of my configuration: gslb service-ip SIP-1 1.1.1.3 health-check HTTPS port 443 tcp…
-
VRRP-A and aVCS Configuration
Hello, I'm looking for some advice on a pair of AX1030's configured with VRRP-A and aVCS to be deployed. The cluster is configured to use VRRP-A and aVCS on interface Ethernet6. The devices appear to be working according to show vrrp-a and show vcs summary. These are the devices. AX1-Active-vMaster[1/1]…
-
Configure HA a/p on Thunder1040
Good afternoon, I'm new in the forum. I have 2 Thunder1040-F devices with firmware 5.2.1-p3, build 70, we want to configure HA in active/passive mode, what would be the procedure to do it. and that the synchronization is done automatically from the primary to the secondary Thank you
-
"msg": "Could not create health monitor -> Reach max account limitation”.
While adding addition health monitors on our exsisting TH1080 A10 boxes we are getting below error "msg": "Could not create health monitor -> Reach max account limitation”. Is it something related to resoures for health monitors reached maximum ?
-
Destination IP rewrite NHLD
Hi Guys Is there a way to rewrite a Destination IP based in NHLD? For example if an internal client send traffic to the IP 1.1.1.1 the Wildcard will receive the traffic and the A10 will rewrite the destination from 1.1.1.1 to 20.20.20.20
-
How can I use a VS IP as a source NAT in WILDCARD VS
Hi, guys. I've observed instances in various clients where an SLB VS is configured alongside NHLD. When an internal client accesses the Internet, the SNAT is typically a pool or auto-NAT, based on our configuration. However, there are scenarios where exceptions are necessary, and an internal client must use the SLB VS IP…
-
HTTP Strict Transport Security (HSTS)
Hello, can any share me the Aflex script for HTTP Strict Transport Security (HSTS).
-
DNS Response as Authoritative from GSLB server mode A10
Hi I want to configure the a10 to response as Authoritative so when someones quieres a FQDN in the A10 as server mode they will get the Authority flag = 1 I attach some screenshoots from my lab As you can see in the second screenshot authority = 0 Thanks for the help!
-
GSLB Sticky when clients use multiple DNS servers
Hi - I hope you can help me with this situation. It seems it would be pretty common. We have a particular load balanced internal/external application with a 43 minute timeout. We have two SLB devices both serving this application in 2 datacenters. In front of that we have GSLB configured with a 60 minute sticky DNS policy…
-
GUI Access A10 Certificate
Hello Team Hi, I currently manage a Vthunder through a VPN, when accessing the A10 via WEB I get a certificate error "This connection is invalid. SSL certificate expired" but by SSH if I can access the A10. Do you know of any error inside the balancer, or what can cause this.
-
Upload SSL certs to an A10 vThunder via axapi v3.0
Hi All, Can anybody tell me how to upload SSL Certs to an A10 vThunder via axapi 3.0? I want the certificate to be in the payload of the request, rather than having it on a remote server, as I don't want the A10 to be able to connect to outside servers. Thanks.
-
The ADC NAT pool port cannot be released
Have you ever encountered the issue of ADC device NATpool port occupancy that cannot be released? The ISP connection count is around 17,000, but the nat pool statistics show that the port usage has reached 37,000, which is many times more than the actual usage. The port usage will continue to increase until there are…
-
What HTTP header length limits are in force?
I am wondering what limitations are imposed on the length of a single HTTP header and what limitations are imposed on the aggregate length of all HTTP headers in a client request on an http port. We stumbled over a problem with some clients where the Authorization: header is in excess of 12 kbytes. The connection is reset…
-
2 Active Link and 1 Backup Link
Hi All, I have three ISP links. I want to configure 2 active links and 1 backup link (active when 2 primary links are down). I can configure a10 for 2 ISP links but the backup link doesn't have any idea. Could you please share a sample configuration for my problem? Thank you.
-
vThunders setup Health check for 443
Hello, Just getting my feet wet with this as we have few sets of A10 vThunders on 4.1.4-GR1-P6 Build 90 and looking to setup a Health check so that if 443 is not responsive that A10 knows to pass traffic to the other server and not the one that is down on 443. I created a Health Monitor for port 443 HTTPS and have defaults…
-
Cisco ACI and Nexus Configuration Utilizing OSPF to ADC
Anyone out there connecting their Thunders to a Cisco ACI configuration using OSPF? We are running Thunder appliances in pairs using VRRP-A. We will be running anywhere from two to five partitions on each VRRP-A pair. The Shared partition will be there to facilitate L2 and system administration. We will be creating trunks…
-
Integrate SIEM external log
Hi everyone, Our customer are running A10 ADC and now they want to integate SIEM external log. Please guide us config to get that if A10 can do it Thank a lot!
-
Forward Proxy + SSL Termination
We're using an A10 vThunder as a forward proxy for users. So the users live on the "inside" of our environment, reaching out to the Internet. We use a wildcard VIP to route all of their traffic, with a policy to permit/block certain hostnames. Works great. There's also a requirement to terminate the SSL session for a…
-
Habilitacion TLS 1.3 Error
Hola Compañeros de A10, actualmente tengo un incidente de configuración, espero alguien me puede colaborar o halla pasado por la misma situación y su respectiva solucion. TLS 1.2 se puedo habilitar sin problema, al momento de habilitar TLS 1.3 me está dando el siguiente error: La versión actual de mi ACOS es la 5.2.1-p5
-
Exporting Server List
Hi All, We are running an A10 Thunder 3030. I am looking to audit the configuration to determine valid SLB configuration. Is there a way to export the list of VIPs and with the associated Servers? Thanks for any help and advice. Cheers Deena
-
A10 Vthunder throttle traffic?
Hello, Just wondering if there is a setting in our a10 vthunder config that would throttle requests? We have 2 A10's running in a pair that have multiple VIPs. One of them goes to a site internally and we are receiving a request from our developers if they throttle requests at all? I am not sure if we have a setting to…
-
ACME SSL certificate rotation not updated on HTTPS port
I'm on ACOS 5.2.1-P6 using A10 ACME client to generate SSL cert/key pairs. No problem obtaining the files and applying these to templates. I then tested rotation using the "force" option. The new certificate was created and shows as "bound". However, the HTTPS port with associated client-ssl template is still using the old…
-
Upload SSL certs via axapi v3.0
I have tried using the file/ssl-cert AXAPI 3.0 endpoint to upload an SSL cert, and have so far been unable to with either curl or Ansible. curl -k -X POST -v \ https://a10.example./axapi/v3/file/ssl-cert \ -H "Authorization: A10 ${SIG}" \ -H 'content-type: application/json' \ -d '{ "ssl-cert": { "file": "example.com.crt",…
-
IP Source NAT Exhausted ??
Is this IP Source NAT pool exhausted ?? Can some help to resolve this if so ? Is that the only way to increase the pool ??
-
GSLB ZONE AS A RECORD
Hello! I´m configuring GSLB with a challenge which is to answer the queries for example.com as A record. example.com -> x.x.x.x The thing is that when we configured GSLB we have to add the domain in the zone and then configure the services for example www.example.com Does someone know how can I do this?
