-
Upgrade SoftAx 2.7.1 to 4.1
Has anyone successfully upgraded a SoftAx 2.7.1 to a 4.1 version?
-
Using aFlex to generate custom redirect URI
Hello, I would like to use aFlex to re-write a URL redirect using the name of each server in a service group. For example, I have virtual_serverA and multiple serverX (server1, server2, server3, etc.) in a service group. The A10 is configured to actively check the health of these servers. When someone connects to…
-
count source IP with x-forwarded-for
Hi May I count source IP with x-forwarded-for filed by aflex? ex: if one the same source IP connection more then 1000 in one min or 5 min, then log in syslog. I have referred "rate-limit-connection-requests" tcl, like below: when RULE_INIT { set ::MAX_REQUESTS 1000 } when HTTP_REQUEST { if { [HTTP::header exists…
-
vMaster inconsistent with vblade errors
Getting a bunch of these in the logs: vMaster is inconsistent with vBlade 0 Here is what I am seeing in the various vcs show commands: A10-1-Active-vMaster[1/1]#sh vcs summ VCS Chassis: VCS Enabled: Yes Chassis ID: 1 Floating IP: 10.1.99.100 Mask: 255.255.255.0 Multicast IP: 224.0.0.210 Multicast Port: 41217 Version:…
-
Redirect when HTTP_RESPONSE [HTTP::status] contains "200"
I need to set up a script that does redirection when there was status code 200 for the same page with dynamic context for example https://myURL.com/xtyfwdk I set the following script but has error Error : aFleX compile error : line 15: "command is invalid in current event context [ HTTP :: uri ]" used script When…
-
Server still in Disablel mode after graceful shutdwon expired
one of our server admins disbaled a server while there was still a user online. This activated the graceful shutdown and kept any further changes from being made. The timer has expired but the servers are still disabled. Besides rebooting the device, is there any other way to enable these servers on the A10 AX2500 again?
-
Adding additional VLAN tags to existin interfaces
My current configuration is listed below. I need to add VLAN 1910 to the Ethernet interfaces of 1 and 2 so they reside in both VLANs 910 & 1910. This needs to be done with little or no disruption the exist LAG and production network. Can this new VLAN 1910 be added and combined with VLAN 910 for both Ethernet interfaces 1…
-
Real Server NAT (South-North) when access Internet
Hi All, I need help on how to achieve source NAT for traffic originating from a real server and heading North to the Internet. I have set up our 3030s with basic Load Balancing, and using Source NAT Pool attached to various virtual services, which all works fine as expected to NAT incoming client traffic to the backend…
-
acos_migrate.pyc where can it be found
Where can i find acos_migrate.pyc. I want to do a trial run upgrade from 2.7.2x to 4.0.3 but i can't find the config migration script. Kind regards Igor
-
[ACOS]:LSN: TCP user-quota exceeded on pool
Dear Support Team, We are using Thunder Series Unified Application Service Gateway TH930(A10) as CGN. Currently we have a problem with the following log message: ============================================================================================ Mar 15 2016 10:22:40 Notice [ACOS]:LSN: TCP user-quota exceeded on…
-
Port Translation without "no dest nat" option
Hello, I need to create a virtual port that translate port and dest. But the ACOS force me to check "no dest nat" first before allow me to check "port translation". So A10 can't translate port and dest in the same virtual port/service? Am I correct?
-
Restrict SMTP to list of allowed IPs
MS Exchange 2007 services under one VIP, on AX 3200-12's in one-arm mode. I want to restrict the SMTP service to allow only a predefined list of client IP addresses or networks to go through. This would match the allow list on the Exchange Server configuration. The reason for this is since the AX's are in one-arm mode…
-
multicast log
Hello Multicast log exhaustively been continuously generated statement model: THunder930 version: 2.7.1-P6 show log : Warning [ACOS] : The total multicast packets 8212 per second on VLAN 36 has exceeded the configured limit of 1000
-
root account
Can we access a root account of Thunder platform?
-
aFLEX for SIP SLB on Code bases
Will this script load balance SIP traffic? If Code 900 send traffic to node x.x.x.17 If code 903 send traffic to node x.x.x.18 Load balance rest of the traffic. when SIP_REQUEST { if { [SIP::to] starts_with "<sip:900" } { node x.x.x.17 } } when SIP_REQUEST { if { [SIP::to] starts_with "<sip:903" } { node x.x.x.18 } }…
-
Error [SCM]:JWT: result invalid
Hi All, can anyone shed any light on the following error message that I am seeing in the logs. I don't see any other log traffic. Just the this error message: Feb 29 2016 10:34:09 Error [SCM]:JWT: result invalid This has been ongoing for the last couple of days judging by log history. Thanks Ryan
-
Gre tunnel between a10 and server
How to configure a GRE tunnel on a10? My servers and the A10 are not in the same L2 network- But I would like to use DSR. I am have 2 options : ip-in-ip encapsulation or gre tunnel. Ip-in-ip is the best solution but my 2016 servers do not handle this encapsulation as expected. The only option left is gre tunnel. How to…
-
Reselect rserver depending of the server response URL after a 302
Hello We have a web server that is configured in a way that, if it detects an internal failure like in the DB, it returns a 302 code redirecting the request to a sorry page in a URL format http://<domain>/error I need to create an script or maybe a healthcheck that allows me to detect that response, and then reselect…
-
Control recursive DNS queries
Hi all, I'm wondering if/how in aFlex I might be able to allow or deny recursive DNS queries based off a source IP list. For example, if a remote IP not on the list has the recursive bit set in the query, the A10 will block the query outright instead of forwarding it to the DNS server.
-
Thunder 930 FAN/Power ISSUE
Hello This article places due to a problem with the Thunder 930 Model: Thunder 930 os: 2.7.1 P6 Logs: L4-Active # show enviroment Fan1A: OK-low / med Fan1B: OK-low / med Fan2A: OK-low / med Fan2B: FAILED Fan3A: OK-low / med Fan3B: OK-low / med Fan4A: OK-low / med Fan4B: OK-low / med System VOltage OK Oct 17 2015 14:52:43…
-
Server response redirected to other port.
Our team is looking for an aflex code that can rewrite the server response. We want to achieve in this aflex is to redirect first the traffic response from the server to 192.168.10.1:3013 for authentication login then after user successfully login redirect again to the other port 192.168.10.1:2011 which is the main…
-
aFleX for cookies httponly with one exception
Hello, I need to make a script aFleX for cookies with flag HTTPonly with one exception for cookie with name LID. I tried to use aFleX like below: when HTTP_RESPONSE { if {([HTTP::header exists "Set-Cookie"] and [HTTP::cookie contains "LID"])} { set cookie_value [HTTP::cookie "TestCookie1"] HTTP::cookie remove "TestCookie1"…
-
request-header-insert and client IP
Hi Is it possible to pass the client IP address using request-header-insert? I have tried the following but always end up with the literal rather than the client's IP address request-header-insert X-CLIENT-IP:[IP::client_addr] insert-always Many thanks Huw
-
Cannot distribute traffics evenly by using round robin
Hello All, Customer use the round-robin method without any persist template. Total sessions are not load balancing evenly below; Surely I checked again after clearing sessions. And the monitor of real servers was normal. But sessions still distributed evenly. I think this issue is limited to my customer......:) However...I…
-
Weak Diffie-Hellman - Custom DH Parameters
Hi All, I have just implemented some 3030S and migrated some services across in our production environment. The 3030S terminate SSL for the backend services. Out of curiosity I ran some SSL LABS test against the services and they all flagged errors with weak Diffie-Hellman key Exchange Parameters and therefore capped the…
-
Interface Speed and Duplex after upgrade.
Hi All, I have recently upgraded our 3030S from 2.7.2P6 to 4.0.1. I followed the upgrade procedure in the release documentation including parsing the backup through the python migration script. I encountered many issue when I rebooted and the applied the restoration of the config from the script. one of which is that I can…
-
Restrict Access to particular URLs
I am looking at the best way to only allow access to particular URLs on a VIP. One way I thought of was to use a aFlex script to allow/deny access. I have not found any specific scripts to do this, but I have found some for other providers. I am looking for the best most efficient way for latency/system resources to…
-
Replacing Web Certificate (for GUI)
I am beginning to config a recently-purchased Thunder 3030 and need to replace the web certificate. I have a wildcard cert that I use for most other objects in the network (*.company.com) and I am having problems trying to install the cert, key, and chain cert. Unfortunately the error is not very descriptive - all I see in…
-
AX1030 Still crashing opening large list ssl template
Hi, I am having issues with my ax1030 loadbalancers. When i try to open the list of client-ssl templates the machines locks up (no ping) and the slave becomes master. I have reported this many times to A10, but every time they say to wait for the next release. Each new release does not help me with this problem. I have a…
-
SSLi question for Dynamic Port Intercept with Single-appliance architecture.
Hi experts, For dynamic port intercept, I know that I have to configure two vlans between the two adc's. But when I deploy it with single appliance(using ADP), I couldn't configure same vlans with below error message. "This VLAN or Port is owned by another partition." Anyone can give me some idea or concept for the…