-
Same mac-address for each vip on same partition
Is it possible to use the same mac address for each vip on the same partiton as the routed ve interface has ?
-
Display all VIPS associated for a particular server .
I want to know for a particular server lets say 2.2.2.2 on what vips this server is used whats the CLI command or GUI ?
-
HTTPS between ADC and Real Server
Hello, I need some help to configure HTTPS comunication between the ADC and the real servers. I have this scenario: Virtual server: X Virtual Services: 80 redirect to 443 URLS: example1.com example2.com I have an aFlex whose send the request HTTP to some services groups. The LB criteria is the path behind the URLs.…
-
Query on authorization based on Private Partition
Hi, We are trying to configure authorization based on Private Partition through external radius server. how can we allow access to multiple partition for an admin user? can you provide a sample config (radius)? Thanks & Regards, Nimal
-
SSLi - Key Parsing Failed
Hello, Does anybody had received the error "Key parsing Failed" when tried to import the forward proxy ca cert and key at client_ssl slb template? What is this mean? How can i fix it? Best regards, Daniel.
-
server and vserver stats - how to use
Hey All, I see: extended-stats Enable extended statistics on real server stats-data-enable Enable statistical data collection for real server is available for both servers and virtual-servers. What are they, what additional information is available, how are they used/obtained cli, webUI, AXAPI or other? Are there any…
-
A10 Thunder, SSL inspection and bypass troubles
Hi, I am posting regarding some troubles I am seeing on my network. We do have a A10 Thunder doing SSL decryption and re-encryption. Here is a description of a problem I am investigating: Im trying to install software on my PC, which fails. I also have a laptop which bypasses the A10 completely and the software install…
-
HTTPS on the backend
Dear all, I know that what I'm going to ask is not technically clean or correct, but I want to know if the possibilty exists. At the moment I have a vThunder version 2.7.2-P10 who is doing SSL offload for my applications and balance on the backend over different HTTP ports. Suppose that instead of HTTP I need to balance on…
-
SNMP OID for system platform interface drops in vThunder
Hi Folks, Recently there are few packets drops in my network and found there are system platform interface TX drops. Are there any SNMP OIDs for monitoring those interfaces' errors and drops?, if not are there any other way to monitor those? Active[CGNAT]#show system platform interface-stats /proc/a10/aten_stats_10g:…
-
GSLB Policy - internal VIP, keep folks local
Here's what our server folks are asking me ... We will have 2 internal access only VIPs in each of 3 sites: mail.example.com and autodiscover.example.com. The VIPs are for internal user access to OWA (2016 Exchange). A10 has a nice doc on setting up a single site for Exchange 2016. We will have 3 sites with a couple…
-
Mirror Decrypted Web Traffic
Does anyone know of a way to mirror or replicate decrypted web server traffic to a monitoring server or sensor? Scenario: A10 ADC is acting as a reverse-proxy for a farm of web servers. Client-side traffic is encrypted via TLS from client to A10 VIP. Server-side traffic is also encrypted via TLS from A10 to the web servers…
-
Safari Prefetch
Is there a way to drop requests with the "Purpose: prefetch" header? These appear to be causing stale requests to iOS browsers.
-
SSH reverse proxy
I am wondering if there is a way to configure a reverse proxy for SSH on the Thunder AX? I wouldn't think it should be a big deal. The external side of the A10 would constitute the psudeo-server. The internal side of the A10 would be the psuedo-client connecting to the real server (just like HTTPS). The A10 would terminate…
-
DUO Dag servers behind A10 Thunders
Anyone out there have any experience configuring DUO Dag HA environment behind A10 Thunders? I have some questions regarding the SSL client/server certs, SSL offload, and the health monitors.
-
aFlex for log mail from,to, on STARTTLS/TLS mails in ssl-proxy port
Hi, i'm new in this forum and with a10 aFlex. Device: A10 thunder 3030s Os: 2.7.2-P11(build: 77) I've configured a SMTP service in one VIP with two ports: 25 - SMTP 2530 - STARTTLS/TLS (port with ssl-client template in mode ssl-proxy) and (for GDPR law) need to log the ip, mail from, mail to, message id, ip from, vip,…
-
A10 WAF fine-tuning
Hi, Is there any whitepapers, recommendation or detailed guide for A10 WAF fine-tuning? From my current knowledge...compared with F5 ASM, there's no case id for each blocking Also there's no easy/quick wizard for common webapp specs deployment (Language, OS, Database type etc) So how you guys do about it? Turn all feature…
-
A10 AXv Thunder 4.0.1 Disk Space issue
Hi there, Currently have an instance of A10 AXv Thunder 4.0.1. Issue I have is that I am unable to increase the disk space within the the software. I have increase the disk in VMWare and the console shows the new 'total' disk space but free space stays the same, appliances keeps showing error 'Ramdisk is mounted READ ONLY'…
-
A10 package for integration with Cisco ACI
Hi all, As I learned from A10 website, A10 can be integrated and automatically provisioned layer 4-7 network services within Cisco Application Centric Infrastructure (ACI) fabric. Could you please let me know when A10 will deliver software package to do that integration?
-
RDS 2016 Guide
Hi, I'm building a test microsoft RDS 2016 environment to eventually replace our old 2008 terminal server. I've followed several guides & have gotten it working, but now I'm trying to add it to our AX1030 & failing miserably. There's an existing deployment guide for 2008 terminal server, but nothing newer. Since those…
-
Fast doubt - show session virtual-server
Dears, How can we identify in the "show session virtual-server" which lines are the half-open tcp connection and tcp established? Regards, Régis
-
A10 hardware
Hello Knowing that the preprod case is a TH 840 CFW and that of the production is a TH 5440 CFW ,Can you confirm that in terms of configuration, OS update and patch application, we will have the same behavior between these 2 models? Thank you
-
External program debugging
Hi I am new to Thunder and networks are not my day job. I have been asked to help out creating an external program health check to do an application level health check. I sort of have the basics working but it is not sending any data to the actual servers on the specified port. I note that in the docs that I have…
-
axAPIv3 TPS DDoS Dst Entry tutorial?
Hi all, I'm working with axAPIv3 and PowerShell. I just recently wrote some functions to invoke API calls and I'm having a hard time wrapping my head around creating a 'ddos dst entry' and/or 'ddos dst zone' configuration. In the axAPIv3 Documentation for 'ddos dst entry', it provides a schema which has a ton of…
-
agalaxy
Hello. I am new with agalaxy, today in the TPS I saw the following message: Error [DDET]:zone=port_443 port=443 protocol=HTTPS level=1 event-type=DDOS_ZONE_ESCALATION Error Response Status: Notification failed. Please help me. Best regards. Mario Perez
-
Automatically disable Service IP based on Health Mointor
Hi, Is it possible to automatically disable a Service IP based on a Health check failure? I've assigned a health monitor (external ping) to a Service IP in GSLB but even if the health monitor fails its check the Service IP would not disabled. Thanks
-
How can I configure GSLB active/active for 2 sites ?
Hi All, I'm a newbie with A10 product. I'm facing with problem is: I have 2 sites was configured in GSLB and there are in GSLB Group for GSLB controler redundancy. Now, only one site have primary controller response for DNS and another is not response. In this situation, I want to both sites will response for DNS request…
-
Logging URL redirection
I need to log the requests to some URLs that are redirected to another domain. I need to know if there's still clients trying to access the OLD domain. I wrote an aFLEX to do this, and it works ok in my lab enviroment. I did the same configuration at the production network, but it doesn't work. There's not traffic matching…
-
Secure delete A10 HD and compact flash
Hi there, I've been reading but I can't find a definitive answer to a couple of questions. I need to securely delete our older A10 platforms and I'm trying to figure out a way to do this. I've looked into the 'reset' user. It appears to remove the configuration, but does it remove it from all bootimage areas? I.e. primary…
-
Real server through a default GW
Hi community I'm new in a10 knowledge and I want to ask your help with a doubt I can't reach a real server, when I apply a test and a debug I can see that no traffic is sending to that server IP. That server is not in the same LAN segment I can ping that server and reach it through my default gw that is a Checkpoint FW I…
-
Vmotion with vrrp-a heartbeats best practice
I'm not seeing (or finding) any documents out there that speak to best practices with VMware 's vmotion of a vThunder ADC when vrrp-a is operational. Understanding that during a vmotion event the VM is stunned momentarily and likely little to no IO for a short period of time. It would seem to me then that any heartbeat…
