-
GSLB Service Port
What is the significance of the GSLB service port? I have set up my service IP ports to match my SLB configuration. I understand that service IP ports are in place because they can be used for health checking. However, at the service level, it seems the port is kind of redundant and I have simply set up port 53 to match…
-
Carrier LLB aFlex
Posted by a10jliu We are using AX 3200 for certain ISP as LLB solutions. For LLB we need NAT sticky functionality similar to LSN to make sure certain NAT used during client-> server connections. So we achieve this by define single IP nat pools and naming them accordingly. Code: when CLIENT_ACCEPTED { #Drop some packet…
-
SNI and AFLEX
Hi all, I have a problem with aflex configured on a VIP with a SNI template applied. On the VIP I have exposed application for domain1 (the default certificate in the SSL template) and 2 services for domain2. SNI template i sworking fine but now I need to add on the VIP an aflex like this: #Rewrite if {[HTTP::host] matches…
-
HTTP Template Redirect Rewrite
Hi all, I'm trying to do Rewrite with an HTTP template but I can't understand how it works. I configured correctly the template to balance on the service group inside the app swithcing part but I also want to redirect as shown below: When client request www.example.com I want rewrite to example.com/pwm So my rule on the…
-
doubt about snat log
Hi Everyone, Actually i have a doubt about what that's exactly means the following entry on my ACOS system: Dec 07 2017 14:26:28 Warning [ACOS] Obtaining Address/Port from NAT Pool Nat-137 failed due to Honor Misses Dec 07 2017 14:24:01 Warning [ACOS] Obtaining Address/Port from NAT Pool Nat-Uss-2 failed due to Honor…
-
AXAPI: Determine when configuration last updated
Hi folks, I've been scouring the SDK documentation for the 4.1.x ADC code and have been unable to figure out how to determine the date time of the last configuration change. In the CLI I can run 'show running-config' and look at the top where it indicates when it was last updated and when it was last saved. In the earlier…
-
axapi wildcard
Hi all, I've begun to use the axapi. Here's the question: First, I got the authentification token. Then I'm seeking the virtual servers inforation. curl -k GET https://1...7/axapi/v3/slb/virtual-server -H "Content-Type:application/json" -H "Authorization: A10 3a7ff8596db0249f25761b09548437" I'm after the oper status of…
-
HTTP not work properly
Hello, we use A10 Thunder for SSL Inspection as Explicit Proxy. If the users use Internet Explorer or FireFox and they are browse http content which normaly gets redirect to https like http://www.google.de the site doest not load and the browser shows a proxy timeout error. If the user browse URLs which only exists at http…
-
Can Thunder SSLi bypass inspection by OU ?
Can Thunder SSLi bypass or not inspection by OU ?
-
WAF messages filter
Hi all, I've applied a WAF template on my vThunder (release 2.7.2-P10) to test the impact on my application. I also added a logging template to send messages to my log server and it is working fine. Is there a way to filter messages sent by the vThunder so only denied actions are logged? Thanks Luca
-
"certificate revocation list" and A10 Thunder
Hello, i Need to configure CRL on the A10 Thunder device. How the device handle the CRL list's? Is the device update the list or i have to do it myself? When the device update the CRL. How it works? Which protocol will be use?
-
DNS Firewall
Hi Team: Can you please list down series of attack tools that we can use to test the DNS firewall of A10?
-
Clustering A10's devices
Do we have a process of adding a secondary unit to current active standalone A10 device and bringing both on them into Active-Standby cluster? Are there any caveats to be noted ? Thanks, Abhi
-
AX 1030 ADC - vBlade thread stopped
Got few warnings popup, what does these means? Significant? Warning [VCS] vBlade thread stopped Warning [VCS] vBlade thread: peer gone, reconnect (0) Warning [VCS] something wrong with the connection, try to reconnect Warning [VCS] vMaster(device 2) is gone:lack of heartbeats Warning [VCS] vBlade daemon SIGALRM is not…
-
Help with DNS Proxy
Hello, I am new to A10 and recently we started supporting a customer which has an AX1000 (I know it is old) and they want to use a feature that I think it is called DNS Proxy. They have a published service on two ISP links, so when, externally, you make a DNS query (nslookup) on the service you get both IPs but, when one…
-
Local log traffic is too heavy
Dera all, I have a strange message on my vThunder. I'm sending log messages to my syslog server to keep trace of the client connections, locally I log up to warning severity so I expect not overload my buffer, you can see my configuration in the screenshot attached. The problem is that I receive a lot of messages like…
-
mixed layer2 and layer3 environment
Hi, Can thunder support mixed transparent and route mode on the same chassis, or it's possible to do it between different ADPs. Thanks
-
Load Balance ADFS Servers
I am struggling with the following. we have two adfs server adfs1.company.com.au and adfs2.company.com.au. if i access them externally via adfs1.company.com.au or adfs2.company.com.au I can get there. if try to use adfs.company.com.au externally and hit the service group of SG_ADFS (has adfs1 and adfs2 in it) it never gets…
-
Powershell Commandlets for A10
IS there any plan for A10 to create powershell commands/commandlets? I'm in a Microsoft shop with the VSTS devl platform and Python is not a good fit. I'd like to automate the deployment process to include the A10.
-
Load balance LDAP servers
I'm trying to setup a simple VIP to load balance LDAP queries to a few internal ldap servers, however I can't create the servers because they already exist as AAM Authentication Servers. What's the best way to configure this? I require A10 to use Authentication servers for login portals for some VIPs, however I do also…
-
SLB Acl issues
I have an acl allowing access to SLB only from a specific hosts however i see that other IP's can also access the SLB. can you please check and let me know if there is anything else required from config perspective for locking down the access. access-list 10 permit host 1.1.1.1 access-list 10 permit host 2.2.2.2…
-
Mixed content not in a response
Hi All, I'm facing a problem with my vThunder version 2.7.2-P10(build:85). I have to publish an internal application that, after the login, build a dynamic content by xmlhttprequest. I made a simple configuration with https on the VIP and full reverse proxy through app switching in the http template pointing to the…
-
WAF URL Check not matching
I've setup a WAF template to try to only allow access to certain paths for a URL, and I think I've done this correctly, however I am having the connection reset by the WAF even when the path is the allowed one.show waf policyTotal WAF policy number: 15Max WAF policy file size: 256KName Syntax Template…
-
Don't Allow a URL containing an MS-DOS device name
Hi! I would like to use our AX1030 and aFlex to make sure that "Microsoft ASP.NET MS-DOS Device Name DoS"-requests get a 404.5 response "Microsoft ASP.NET MS-DOS Device Name DoS"-request have one of the following as a sequence in the URL: AUX CON PRN NUL COM1 LPT1 LPT2 LPT3 COM2 COM3 COM4 Any suggested way to solve this in…
-
NHLD: Application options dedicated for specific link
Hi Team: Setup:Next Hop Load Distributor Just want to ask, Is it possible to dedicate a specific application to use a specific ISP link? For ex. Skype traffic, all of the traffic from a skype client will only use ISP 1 link. Is this possible? if yes, how can we implement this. Looking forward to hearing from you soon.…
-
ax 2500 lb
Hey guys, Im a new user with the ax 2500 lb box. I have 2 of them in my company, already configured and everything. lately we needed to kill the power to move them to some other place and from that point one of the boxes became inaccessible, i cant login to it but i can use the strange ssh to login to it, currently i work…
-
Need to avoid DNS recursion for External user
i have a thunder 3030s and Configured DNS loadbalanceing but facing an issue vip is nat with public ip for external users.for internal user its working fine but we need to avoid the recursion for external users.external user only allowed its domain(example snskies.com). need a quick response
-
aGalaxy Tacacs setup
Setting up a new aGalaxy system. We are able to setup tacacs but there is only one option available for Authentication method (PAP) we use CHAP. the information in the help states there is more options but no where to change them. Currently on version: 3.2.2 b339 using a VM Any suggestions.
-
SNMP Traps v2
i have a thunder 3030s i have configured SNMP traps version2 works fine send traps on NMS but its send thousand of traps with in a hour i have customize the trap list but still 3030s box send thousand of traps.on NMS i have seen there have lots of Reputation of traps against single service
-
Login directly into "privilege mode"
I'm trying to configure A10 to change the default login to privilege mode and it doesn't seem to be working with login privilege mode command. Could you please let me know if i need any additional commands for this? Thanks, Abhi