-
A10 package for integration with Cisco ACI
Hi all, As I learned from A10 website, A10 can be integrated and automatically provisioned layer 4-7 network services within Cisco Application Centric Infrastructure (ACI) fabric. Could you please let me know when A10 will deliver software package to do that integration?
-
RDS 2016 Guide
Hi, I'm building a test microsoft RDS 2016 environment to eventually replace our old 2008 terminal server. I've followed several guides & have gotten it working, but now I'm trying to add it to our AX1030 & failing miserably. There's an existing deployment guide for 2008 terminal server, but nothing newer. Since those…
-
Fast doubt - show session virtual-server
Dears, How can we identify in the "show session virtual-server" which lines are the half-open tcp connection and tcp established? Regards, Régis
-
A10 hardware
Hello Knowing that the preprod case is a TH 840 CFW and that of the production is a TH 5440 CFW ,Can you confirm that in terms of configuration, OS update and patch application, we will have the same behavior between these 2 models? Thank you
-
External program debugging
Hi I am new to Thunder and networks are not my day job. I have been asked to help out creating an external program health check to do an application level health check. I sort of have the basics working but it is not sending any data to the actual servers on the specified port. I note that in the docs that I have…
-
axAPIv3 TPS DDoS Dst Entry tutorial?
Hi all, I'm working with axAPIv3 and PowerShell. I just recently wrote some functions to invoke API calls and I'm having a hard time wrapping my head around creating a 'ddos dst entry' and/or 'ddos dst zone' configuration. In the axAPIv3 Documentation for 'ddos dst entry', it provides a schema which has a ton of…
-
agalaxy
Hello. I am new with agalaxy, today in the TPS I saw the following message: Error [DDET]:zone=port_443 port=443 protocol=HTTPS level=1 event-type=DDOS_ZONE_ESCALATION Error Response Status: Notification failed. Please help me. Best regards. Mario Perez
-
Automatically disable Service IP based on Health Mointor
Hi, Is it possible to automatically disable a Service IP based on a Health check failure? I've assigned a health monitor (external ping) to a Service IP in GSLB but even if the health monitor fails its check the Service IP would not disabled. Thanks
-
How can I configure GSLB active/active for 2 sites ?
Hi All, I'm a newbie with A10 product. I'm facing with problem is: I have 2 sites was configured in GSLB and there are in GSLB Group for GSLB controler redundancy. Now, only one site have primary controller response for DNS and another is not response. In this situation, I want to both sites will response for DNS request…
-
Logging URL redirection
I need to log the requests to some URLs that are redirected to another domain. I need to know if there's still clients trying to access the OLD domain. I wrote an aFLEX to do this, and it works ok in my lab enviroment. I did the same configuration at the production network, but it doesn't work. There's not traffic matching…
-
Secure delete A10 HD and compact flash
Hi there, I've been reading but I can't find a definitive answer to a couple of questions. I need to securely delete our older A10 platforms and I'm trying to figure out a way to do this. I've looked into the 'reset' user. It appears to remove the configuration, but does it remove it from all bootimage areas? I.e. primary…
-
Real server through a default GW
Hi community I'm new in a10 knowledge and I want to ask your help with a doubt I can't reach a real server, when I apply a test and a debug I can see that no traffic is sending to that server IP. That server is not in the same LAN segment I can ping that server and reach it through my default gw that is a Checkpoint FW I…
-
Vmotion with vrrp-a heartbeats best practice
I'm not seeing (or finding) any documents out there that speak to best practices with VMware 's vmotion of a vThunder ADC when vrrp-a is operational. Understanding that during a vmotion event the VM is stunned momentarily and likely little to no IO for a short period of time. It would seem to me then that any heartbeat…
-
Virtual Server One port hearing and Multiple port Balance
Hi community I want to know if it is possible to balance between two different real servers that use ten different ports each of them. This using only One Virtual Server hearing in only one port This is a configuration example what I'm talking: slb server DNS1_SERVER 100.18.1.200 health-check-disable port 80 tcp…
-
Load balancing service with SSO Authentication
HI, i'm working in a new SLB service for an application with 2/3 servers. I'll try to explain the scenario: I would like to deploy a new VIP for load balancing of an application JAVA based (JBOSS Servers), for this we have to apply JSESSION ID persistence in the VIP with and aflex:…
-
Proxy Protocol headers
I know A10 doesn't support proxy protocol headers out-of-the-box but I was thinking would it be possible to do this using scripting? Meaning is it possible to alter http request so that proxy protocol headers are inserted before http method like this PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\nGET / HTTP/1.1\r\nHost:…
-
Cannot connect to O365 via virtual server
Hi, When I'm using the real proxy servers, it successfully connects to o365 (web) and some other sites, while when im using the virtual server witch has the nodes of the proxy servers, it wont connect to 0365 and other sites. Is there a way on how to check this problem? TIA.
-
Redirect to other url
Can we redirect to external url when all real servers failed health check.
-
TCP-proxy Client-IP
Hi. We have SLB Virtual Service with type TCP-Proxy and we've also enabled Insert Client IP option in TCP-Proxy template but all traffic is forwarded from AX1030 internal IP .The question is how we can get source client IP ?
-
SSL SAN Certificates
All, I am having a problem getting my A10 to allow SAN type certificates for a virtual port. Does anyone know if its possible and if the A10 supports it?
-
SSLi Issue if you open HTTPs websites from search engines
Hi, I have noticed sometimes SSLi works sometimes not, I did couple of tests until I reached the following: if you open a browser like Google Chrome and then type a name of website (without .com or .net) like "cnn" then the browser will take you to the search engine, in our case Google Search because we are using Google…
-
axapi v3 export object - no password attribute?
Thanks for the really quick reply earlier today regarding partitions, glad to have this forum actively monitored. I'm not seeing a password attribute for the export object. I do see one for import, which works just fine. I tried passing it the attribute but it doesn't like it: { "response": { "status": "fail", "err": {…
-
axapi v3 - accessing non-shared partition objects
Anyone, With axapi v3 how does one access the non-shared partition objects? Specifically I can see and access shared partition objects/files bw-list, etc. but cannot figure out how to get to objects from other partitions: GET to => https://10.x.x.x/axapi/v3/file/bw-list/oper yields shared partition bw-list files: {…
-
InterVlan Issue - need help please
Hi, Before A10 Deployment, our Core firewall was doing the InterVlan Routing. At the moment A10 does the InterVlan Routing. While we require the Core Firewall to do that, we do have 10s of restriction policies. I have simulated this in a testing environment and appreciate your help. Here is my full configuration, system…
-
VCS avec VRRP-a shows unknown status
Hello, I have a problem with my VRRP-a configuration. Everything works fine, I dont have problem with the service but when I login into the ADC I see the VRRP-a status as unknown. Here's some troubleshooting I have done: AX-vMaster[1/1]#sh vcs summary VCS Chassis: VCS Enabled: Yes Chassis ID: 1 Floating IP: 10.20.10.102…
-
Disaster Recovery configuration example for GSLB
Posted by dbanares Hi, I would like to ask an example configuration for disaster recovery deployment. What are the options to select in the GSLB algorithm for this kind of deployment. I can't find this topic in the manual. Thanks, Dannel
-
AD group membership determine single factor vs dual factor Auth
I have a site where Active Directory group membership should determine whether users are prompted for single-factor or two-factor authentication. GroupA (single factor) - Windows server group NTML GroupB (two-factor) - RADIUS: duo I imagine there is away with an aFlex script after primary authentication to query group…
-
A10 Thunder URL match statistics
Hello, is there a way to have the match statistics for a URL? I will like to have the number of time a site is visited. I have this in real time and I have the logs, but going through the logs each time is too long and the real time information doesn't help. Any clue? Thanks in advance!
-
latest firmware
What is the latest version of the firmware for an AX2500
-
Dynamic vs Fixed CGNAT
Trying to use dynamic CGNAT, with a class list under one subnet and lid id. Have 50+ client subnets and want them to automatically receive nats from that pool. But, I have to enter each client subnet individually (which defeats the purpose). What's the resolution? Also, when is it appropriate to use fixed vs dynamic CGNAT?…