-
problem with my sorry server
Hello: I have two service-group,(servers X and sorry servers). When my primary service-group fail (all servers down) sorry server respond in other service-group (this step is okay) but when primary service-group came back, I (have) need to wait about 8 minutes (that time is a configuracion for sticky in primary…
-
NHLD VRRP
Does anyone here tried to setup a VRRP-A ACTIVE ACTIVE on NHLD? Kindly share your config. Thanks.
-
Bandwidth checking: SNMP load balancing for NHLD
Does anyone here tried to configure SNMP load balancing for NHLD ISP links bandwidth checking?
-
Deletion of connections when real a real server goes down.
Hi experts, I'm looking for solutions regarding connectivity issue when a real server goes down. Actually, I'm deploying Thunders for FWLB and tested for failover of Firewalls. When a firewall goes down, connected clients are failed to communicate as expected. I wonder the ACOS able to delete connections when health…
-
Question about VRRP log
Hi All I have been configured VRRP-A on the 4.0.x. What does the following log mean? Something wrong for configuring VRRP? Please advice. Nov 24 2015 18:30:50 Warning [HA]:VRRP-A device 1 partition 0 vrid 13 has different failover policy settings: failover policy used: 1 VRRP conifguration is; DEVICE#1 vrrp-a common…
-
aXapi for ram cache connecitions
I'm looking at the aXAPI for version AX Release 2.7.0 and am unable to find the method for ram cache connection information. Is there currently a web method to get this information or possible release date for this functionality?
-
IP Address already configured on an Interface - when trying to add IP to VE
Currently have one VE with an IP address configured, and trying to add a second one I get this error: IP Address already configured on an Interface. This is within a tenant partition. The IP address I am trying to add does not overlap with the other VE or the management interface under the shared partition. The A10 is…
-
Default Route Tracking
Hi all, I have a pair of 3030s running 4.01 that I am setting up in an aVCS VRRP-a pair that will replace a couple of Cisco CSS devices. One question I do have is on the CSS pair I track an upstream external router with an ICMP ping to check if it is 'Alive' if it fails to respond then it forces a failover in the pair so…
-
direct access disable
Hi everyone Please check configuration , which can not be accessed by the client directly to server request in this feature , you must apply to a10 existing equipment alteon from alteon to thunder 930(2.7.1 P6) migration thank you
-
Link Load Balancer using AX
Hi, Does anyone here deployed A10 AX as Link Load Balancer with GSLB inbound traffic server mode or subdomain mode? can you please share your running configuration as a reference. Kindly share your ideas about it Thanks you in advance
-
FPGA and Non-FPGA
what is the difference between the two?
-
Replace/Clear X-Forwarded-4 or insert if not existent
Hello, We're using the following script to insert an XFF header. when HTTP_REQUEST { HTTP::header insert "X-Forwarded-For" [IP::client_addr] } How do I change it to SET (not insert) a single header ? I mean if there is already an XXF, we want to clear it....before inserting our own. Thank you
-
Sticky session based on JSessionID
Hello everyone, Does anyone know if it is possible to create sticky sessions based on the JSessionID? Our customer requires load balancing for Oracle Application Server based on JSessionID. Is something like this possible using aflex? Many thanks in advance! Regards, Mat
-
VCS message: vMaster is inconsistent with vBlade 0
Hello, we implemented 2 new AX3200-12 with ACOS 2.7.2-P6, build 65 as VCS. Everything is working fine, vMaster and vBlade are up an running and config changes on vMaster are synced to the vblade. Now to my question: On the vMaster I can see every minute the following log entry: Nov 17 2015 17:56:22 Info [VCS]:vMaster is…
-
Understandint WAF implementation Jscript_Defs
Hi All, I am just looking the WAF capabilities of our new 3030S devices. I have implemented a basic policy in Learning mode and our QA testers have raised that some of the web page forms are failing now. looking at the logs I see the following entry "Javascript pattern detected! test+programme+description matches #91 in…
-
SSL security and Service group selection
Hi, I am currently using an a script that redirects incoming requests to specific service groups based on the host and uri. This is used for various stages in our software testing and QA cycle, an excerpt of the script can be found below: # Provides Service Group Selection based on both Host and URI when HTTP_REQUEST {…
-
Destination IP hash vs Destination IP Only Hash
Can someone please briefly explain to me what are the difference between destination ip hash and destination ip only hash? Thank you very much.
-
Question for SHA256bit for SSH management
Hi all, Does Thunder Series support SHA256 for SSH management?
-
Health monitor SMTP
I am in a managed environment and they just converted from ACE to A10. I have no documentation and I understand there is a standard health monitor for SMTP. First, is there a confiuration guide available somewhere? If not, can someone please post the standard SMTP health monitor? Thank you, CO
-
Measure the attenuation and transmission power
Gentlemen, I have a A10 TH930 in my infra and I'd love to know if is possible to measure the transmission and attenuation power (dB) of my optical system. Are there some specific command in A10 Cisco like: # show controllers [interface] phy ... Thresholds: ... Temperature: 28.484 Voltage: 3.317 Volt Tx Bias: 3.630 mAmps Tx…
-
aFleX to send traffic to a multiple pool based on the hostname and redirect to U
How to send the traffic to multiple pools based on hostname and redirect URI to path I am trying below script but it is not working. Can some one tell me working script. when HTTP_REQUEST { if {[HTTP::host] matches "abc.in" and not ([HTTP::uri] starts_with "/abc-api") } { HTTP::redirect "http://abc.in/abc-api/login" pool…
-
Question for initializing tcp session
Hi all, Loose initiation is One of the profiles options on F5 and it is useful for stateful services. The Loose initiation option allows the BIG-IP to initialize a connection when any TCP packet is received, rather than requiring a SYN packet for connection initiation. I'm looking for the option like Loose initiation in…
-
aFleX - Request client certificate to authenticate .
It can request authentication key when the url https://meudominio.com/LoginCert or https://meudominio.com/RegisterCert is accessed ? Below is a sample configuration when CLIENTSSL_CLIENTCERT { set client_cert [SSL::cert 0] log local0. "[X509::whole $client_cert]" } when HTTP_REQUEST { if {([HTTP::uri] starts_with…
-
How to perform server and port health monitors in transparent mode
I am setting up new A10s configured in transparent mode. There are many VLANs in use and eth1 connects up to the firewalls, and eth2 connects down to the switches. Both ports configured as trunks. I use a customer partition, so on the entire device the only IP addresses in use are the mgmt0 interface, and a dedicated vlan…
-
Source IP Load Balancing w/ class-list
################################################### aFleX script to provide Source IP load balancing# decision for a service-group.# (Currently this is not supported with bw-list in ADP)## The class-list for the IP list is called# "cl-ips" (default) and has# to contain the following data:# / # # For example:# 10.10.10.0…
-
VRRP
Hello I wonder whether the setting of the VRRP MD5 Settings If possible, I hope you tell us a little CONFIG Thank you for you
-
A10 for Transparent Proxy Authentication
Hi guys, I'm not sure whether I should post it under general or aflex subforum because I don't know if it will need aflex or not. The idea is I'd like to add authentication simultaneously with current transparent proxy system using WCCP and Squid. While Squid states in its FAQ that it can not use authentication with…
-
Cisco Twinax Cables
Hi Everyone, I am looking to connect a couple of 3030S to some Cisco Nexus 5k switches using 10Gb interfaces. The cheapest option would be to use Twinax cables rather than buying individual SFP+ modules for both the A10s and Ciscos. I have asked A10 Support if Twinax cables are supported and got the the following reply:…
-
Block Exchange ECP externally
I am trying to block Exchange ECP(2013)from external access. I am having issues with the aFlex rule below: when HTTP_REQUEST { if { HTTP::uri] starts_with "/ecp" } { drop } } In the GUI I get a Warning: aFlex syntax error:line 3;"syntax error in expression"Http::url]starts_with "/ecp" ":variable ref.."" What have done…
-
Edit aFlex redirect rule to play a bit nicer with URL
Hello, I am hoping there is an aFlex solution for what I'm trying to do - I currently have an aFlex rule that is: when HTTP_REQUEST { if { not([HTTP::host] equals "www.mydomain.com")} { HTTP::respond 301 "Location" "http://www.mydomain.com" } } Basically saying that if the user does not type www., a hard redirect will…