-
root account
Can we access a root account of Thunder platform?
-
aFLEX for SIP SLB on Code bases
Will this script load balance SIP traffic? If Code 900 send traffic to node x.x.x.17 If code 903 send traffic to node x.x.x.18 Load balance rest of the traffic. when SIP_REQUEST { if { [SIP::to] starts_with "<sip:900" } { node x.x.x.17 } } when SIP_REQUEST { if { [SIP::to] starts_with "<sip:903" } { node x.x.x.18 } }…
-
Error [SCM]:JWT: result invalid
Hi All, can anyone shed any light on the following error message that I am seeing in the logs. I don't see any other log traffic. Just the this error message: Feb 29 2016 10:34:09 Error [SCM]:JWT: result invalid This has been ongoing for the last couple of days judging by log history. Thanks Ryan
-
Gre tunnel between a10 and server
How to configure a GRE tunnel on a10? My servers and the A10 are not in the same L2 network- But I would like to use DSR. I am have 2 options : ip-in-ip encapsulation or gre tunnel. Ip-in-ip is the best solution but my 2016 servers do not handle this encapsulation as expected. The only option left is gre tunnel. How to…
-
Reselect rserver depending of the server response URL after a 302
Hello We have a web server that is configured in a way that, if it detects an internal failure like in the DB, it returns a 302 code redirecting the request to a sorry page in a URL format http://<domain>/error I need to create an script or maybe a healthcheck that allows me to detect that response, and then reselect…
-
Control recursive DNS queries
Hi all, I'm wondering if/how in aFlex I might be able to allow or deny recursive DNS queries based off a source IP list. For example, if a remote IP not on the list has the recursive bit set in the query, the A10 will block the query outright instead of forwarding it to the DNS server.
-
Thunder 930 FAN/Power ISSUE
Hello This article places due to a problem with the Thunder 930 Model: Thunder 930 os: 2.7.1 P6 Logs: L4-Active # show enviroment Fan1A: OK-low / med Fan1B: OK-low / med Fan2A: OK-low / med Fan2B: FAILED Fan3A: OK-low / med Fan3B: OK-low / med Fan4A: OK-low / med Fan4B: OK-low / med System VOltage OK Oct 17 2015 14:52:43…
-
Server response redirected to other port.
Our team is looking for an aflex code that can rewrite the server response. We want to achieve in this aflex is to redirect first the traffic response from the server to 192.168.10.1:3013 for authentication login then after user successfully login redirect again to the other port 192.168.10.1:2011 which is the main…
-
aFleX for cookies httponly with one exception
Hello, I need to make a script aFleX for cookies with flag HTTPonly with one exception for cookie with name LID. I tried to use aFleX like below: when HTTP_RESPONSE { if {([HTTP::header exists "Set-Cookie"] and [HTTP::cookie contains "LID"])} { set cookie_value [HTTP::cookie "TestCookie1"] HTTP::cookie remove "TestCookie1"…
-
request-header-insert and client IP
Hi Is it possible to pass the client IP address using request-header-insert? I have tried the following but always end up with the literal rather than the client's IP address request-header-insert X-CLIENT-IP:[IP::client_addr] insert-always Many thanks Huw
-
Cannot distribute traffics evenly by using round robin
Hello All, Customer use the round-robin method without any persist template. Total sessions are not load balancing evenly below; Surely I checked again after clearing sessions. And the monitor of real servers was normal. But sessions still distributed evenly. I think this issue is limited to my customer......:) However...I…
-
Weak Diffie-Hellman - Custom DH Parameters
Hi All, I have just implemented some 3030S and migrated some services across in our production environment. The 3030S terminate SSL for the backend services. Out of curiosity I ran some SSL LABS test against the services and they all flagged errors with weak Diffie-Hellman key Exchange Parameters and therefore capped the…
-
Interface Speed and Duplex after upgrade.
Hi All, I have recently upgraded our 3030S from 2.7.2P6 to 4.0.1. I followed the upgrade procedure in the release documentation including parsing the backup through the python migration script. I encountered many issue when I rebooted and the applied the restoration of the config from the script. one of which is that I can…
-
Restrict Access to particular URLs
I am looking at the best way to only allow access to particular URLs on a VIP. One way I thought of was to use a aFlex script to allow/deny access. I have not found any specific scripts to do this, but I have found some for other providers. I am looking for the best most efficient way for latency/system resources to…
-
Replacing Web Certificate (for GUI)
I am beginning to config a recently-purchased Thunder 3030 and need to replace the web certificate. I have a wildcard cert that I use for most other objects in the network (*.company.com) and I am having problems trying to install the cert, key, and chain cert. Unfortunately the error is not very descriptive - all I see in…
-
AX1030 Still crashing opening large list ssl template
Hi, I am having issues with my ax1030 loadbalancers. When i try to open the list of client-ssl templates the machines locks up (no ping) and the slave becomes master. I have reported this many times to A10, but every time they say to wait for the next release. Each new release does not help me with this problem. I have a…
-
SSLi question for Dynamic Port Intercept with Single-appliance architecture.
Hi experts, For dynamic port intercept, I know that I have to configure two vlans between the two adc's. But when I deploy it with single appliance(using ADP), I couldn't configure same vlans with below error message. "This VLAN or Port is owned by another partition." Anyone can give me some idea or concept for the…
-
problem with my sorry server
Hello: I have two service-group,(servers X and sorry servers). When my primary service-group fail (all servers down) sorry server respond in other service-group (this step is okay) but when primary service-group came back, I (have) need to wait about 8 minutes (that time is a configuracion for sticky in primary…
-
NHLD VRRP
Does anyone here tried to setup a VRRP-A ACTIVE ACTIVE on NHLD? Kindly share your config. Thanks.
-
Bandwidth checking: SNMP load balancing for NHLD
Does anyone here tried to configure SNMP load balancing for NHLD ISP links bandwidth checking?
-
Deletion of connections when real a real server goes down.
Hi experts, I'm looking for solutions regarding connectivity issue when a real server goes down. Actually, I'm deploying Thunders for FWLB and tested for failover of Firewalls. When a firewall goes down, connected clients are failed to communicate as expected. I wonder the ACOS able to delete connections when health…
-
Question about VRRP log
Hi All I have been configured VRRP-A on the 4.0.x. What does the following log mean? Something wrong for configuring VRRP? Please advice. Nov 24 2015 18:30:50 Warning [HA]:VRRP-A device 1 partition 0 vrid 13 has different failover policy settings: failover policy used: 1 VRRP conifguration is; DEVICE#1 vrrp-a common…
-
aXapi for ram cache connecitions
I'm looking at the aXAPI for version AX Release 2.7.0 and am unable to find the method for ram cache connection information. Is there currently a web method to get this information or possible release date for this functionality?
-
IP Address already configured on an Interface - when trying to add IP to VE
Currently have one VE with an IP address configured, and trying to add a second one I get this error: IP Address already configured on an Interface. This is within a tenant partition. The IP address I am trying to add does not overlap with the other VE or the management interface under the shared partition. The A10 is…
-
Default Route Tracking
Hi all, I have a pair of 3030s running 4.01 that I am setting up in an aVCS VRRP-a pair that will replace a couple of Cisco CSS devices. One question I do have is on the CSS pair I track an upstream external router with an ICMP ping to check if it is 'Alive' if it fails to respond then it forces a failover in the pair so…
-
direct access disable
Hi everyone Please check configuration , which can not be accessed by the client directly to server request in this feature , you must apply to a10 existing equipment alteon from alteon to thunder 930(2.7.1 P6) migration thank you
-
Link Load Balancer using AX
Hi, Does anyone here deployed A10 AX as Link Load Balancer with GSLB inbound traffic server mode or subdomain mode? can you please share your running configuration as a reference. Kindly share your ideas about it Thanks you in advance
-
FPGA and Non-FPGA
what is the difference between the two?
-
Replace/Clear X-Forwarded-4 or insert if not existent
Hello, We're using the following script to insert an XFF header. when HTTP_REQUEST { HTTP::header insert "X-Forwarded-For" [IP::client_addr] } How do I change it to SET (not insert) a single header ? I mean if there is already an XXF, we want to clear it....before inserting our own. Thank you
-
Sticky session based on JSessionID
Hello everyone, Does anyone know if it is possible to create sticky sessions based on the JSessionID? Our customer requires load balancing for Oracle Application Server based on JSessionID. Is something like this possible using aflex? Many thanks in advance! Regards, Mat
