-
Three ISPs links
Hi, We are using A10 for LLB of our three ISPs link, but there are drops on the internet lines. Please someone can help or have the same setup.
-
Source nat
We are setting up source NAT and the idea was to use the ve IP addresses for the associated vlan as the source NAT address in the pool. I swear we had it setup like this in version 2.7.2P6. but since the upgrade it says we can not use the ve interface IP address as the source nat address in a pool. Is there anyway of using…
-
Aflex to fix Chrome 80 Samesite Cookie attribute
SameSite is making headlines because Google’s Chrome 80 browser will enforce a first-party default on all cookies that don’t have the attribute set. This will lead to repercussions if companies who rely on third-party cookie requests don’t make changes by the February 4 deadline. Since we have a collaboration portal, we…
-
Source NAT pool and virtual ethernet address
Hi All, Currently setting up some new 3030S devices which I have recently upgraded to 4.0.1. We are setting up source NAT and the idea was to use the ve IP addresses for the associated vlan as the source NAT address in the pool. I swear we had it setup like this in version 2.7.2P6. but since the upgrade it says we can not…
-
LB persistence in source-ip template VS. method in service-group
Hey All, Can anyone tell me the difference between enabling persistence in a source-ip persist template applied to a virtual server vs. enabling the src-ip-only-hash method in a service-group? Both seem to say the same thing and if so which would take precedence? (if the other were configured otherwise) slb template…
-
How insert client ip into DNS Server
Hi All i have requirement for ADC setup which required to viewing of client source IP on DNS server on single-arm deployment of A10 SLB. Any workaround for this kind of scenario? Appreciate if you could advise me on this. Thanks in advance. Shawn
-
Load Balancing Cisco ISE PSNs with A10 Thunder?
Anyone have experience with this? We're trying to get it to work for the first time and having some issues with CoA. Thanks!
-
UDP session table aging - slb server forward packet reporting
I have two questions outlined below. But first the relevant config: When deploying / testing a RADIUS config with the following excerpt: slb template udp udp-fast-age idle-timeout 120 aging immediate slb virtual-server pa-rad-e2e x.x.x.x disable-when-any-port-down port 1812 udp service-group radius-public template udp…
-
How to hide directory from URL site
Hi!! I'd like how I can hide the directory from the site as example bellow: Site: http://site.com/index.php?page=items But in the browser only show http://site.com/ Is that possible be configurated in A10? Thanks, Rafael Morato
-
show vrrp-a floating-ip and object-group w/out showing running config
Hey, Seems simple but I'm not finding anything in the docs or postings. How do you show the floating-ip in a vrrp-a config without showing the running config for the vrrp-a section, which requires a privileged user? Likewise for object-group, how can that be shown without the running config for object-group section? I…
-
How to configure two different subnets as outside facing interfaces
Hi All, I want to add a VIP which is based on a different subnet. How can I achieve it? FYI I have configured Ethernet2 as my with the different subnet IP and able to ping it from other VLAN but failed to ping the VIP from other VLAN. Please help. Regards Azhar
-
GCM Cipher issues
Hi, Has anyone else experiences TLS connection issues (occasionally) when supporting GCM Ciphers in their Cipher-suites?
-
Best Practice for Persistence
Hi, I'd like know about the best practice or yours experiences with the percistence like how best way to deploy a persistence or how to work with each persistence. Thanks very much, Rafael Morato
-
A10 at KubeCon 2019 in San Diego this week
...And we will be showing SSM in our booth. Stop by for a demo!
-
Ansible help
Hi folks, I'm trying to setup an ansible playbook for our A10 devices. I intend to use the playbook to create new server, sg and vip configs. However, I am stuck with the overall setup and keep getting random errors. I tried to set up the playbook using both of the a10 ansible modules referrenced in the community and on…
-
Problem Insert Clien IP in HTTP Header
We have configured a HTTP Template for insert client IP in the Http Header, in the SLB VS configuration we have two apache server. The HTTP working properly in the Apache1 but Apache2 recived the HTTP Header with two X-Forwarded-For (IP Client and IP NAT) This is the configuration: A10PRO1-NEW-Active-vMaster[1/1][DMZ]#$…
-
enable password recovery on a TH940
Hi, the previous admin left our company and I need to recover the enable password. How do I do this?
-
URL switching and diferent persistence
Hi, It's possible to assign different persistence in an URL switching deployment? Backend http://server1:8080/site1 http://server1:8080/site2 Service group slb service-group sg-app tcp method least-connection member server1 8080 member server2 8080 2 services are in the same SG, Whe user access the VIP, it's possible to…
-
Aflex logic not taking precedence over session persit cookie
Hi, We have an aflex rule that redirects requests based on the url. There is also a persistence cookie set. The issue is when the url switches, the aflex logic should send the request to a new server pool, but the cookie appears to be taking precedence and forcing the request back to the original server the user was sent…
-
GSLB Group
Hi Everybody, We know the GSLB group works to syncronize GSLB Zones between 2 or more sites without aVCS. I'd like know what port TCPs (or UDP) this syncronization works Thanks, Morato
-
Trunk interface is not allowed on vlan in non promiscuous mode
Hi, I created the TRUNK lacp. WHEN I try create vlan and tagg to trunk id 1 the tag fail with the message: Trunk interface is not allowed on vlan in non promiscuous mode Example: interface ethernet 1/1 enable trunk-group 1 lacp interface ethernet 1/2 enable trunk-group 1 lacp interface ethernet 2/1 enable trunk-group 1…
-
Problem with periodic-backup
I am attempting to schedule a periodic-backup and having some issues. I can successfully trigger backups of the system data and logs to another server via SFTP and SCP by using backup system and backup log However, when setting up a period backup using periodic-backup the backup is scheduled but it won't run successfully.…
-
TCP authentication and SYN cookie?
Hi, Can anyone explain what is the SYN cookie and how we can use? Thanks,
-
TLS 1.3
Hi, Is TLS 1.3 supported on Thunder ADCs (Version 4.x) in a Client SSL Template? Thanks, Moshe
-
Box #1
I just so happen to have the very first A10 sold in North America. I just had A10 validate this for me. What do you think I should ask from them for its return? Would anyone in the A10 community want it and would be willing to buy it? Should I put it on eBay? Relics like this don't come along every day, so I don't want to…
-
an example of a DNS external health monitor
Hi, Does anyone have an example of a DNS external health monitor? The monitor should query an A record and check the IP address and provide up/down status based on the IP address matching a given/set IP address. Thanks
-
What is FTA?
What is FTA on Thunder device? Thanks.
-
NHLD health monitor config examples ?
Hi, I have a scenario where a non-AS customer has contracted Internet connectivity with 3 ISPs and is doing NHLD. What would be some commonly-used health monitors to determine which ISP link is up or down? I've used DNS queries using Internet DNS servers with static routes to each DNS server going through a specific ISP,…
-
Identifying original source thought SSLi.
Can the Thunder ADC 1030 with SSL Inspect to analyze traffic through a proxy informing its original source? For this configuration maybe I can use X-Forwarded-for, I`m not sure if it works. Could someone help me?
-
URL taking too long to open
Hello, I have an application who runs behind a VIP. We use some documents with hyperlinks to this application. Behind this VIP, there's others services. I had tested some of them and I have the same behavior, but if I use an hyperlink to other VIP, it works fast. I had tested all the devices in the route: firewall, DNS.…
