-
VCS message: vMaster is inconsistent with vBlade 0
Hello, we implemented 2 new AX3200-12 with ACOS 2.7.2-P6, build 65 as VCS. Everything is working fine, vMaster and vBlade are up an running and config changes on vMaster are synced to the vblade. Now to my question: On the vMaster I can see every minute the following log entry: Nov 17 2015 17:56:22 Info [VCS]:vMaster is…
-
Understandint WAF implementation Jscript_Defs
Hi All, I am just looking the WAF capabilities of our new 3030S devices. I have implemented a basic policy in Learning mode and our QA testers have raised that some of the web page forms are failing now. looking at the logs I see the following entry "Javascript pattern detected! test+programme+description matches #91 in…
-
SSL security and Service group selection
Hi, I am currently using an a script that redirects incoming requests to specific service groups based on the host and uri. This is used for various stages in our software testing and QA cycle, an excerpt of the script can be found below: # Provides Service Group Selection based on both Host and URI when HTTP_REQUEST {…
-
Destination IP hash vs Destination IP Only Hash
Can someone please briefly explain to me what are the difference between destination ip hash and destination ip only hash? Thank you very much.
-
Question for SHA256bit for SSH management
Hi all, Does Thunder Series support SHA256 for SSH management?
-
Health monitor SMTP
I am in a managed environment and they just converted from ACE to A10. I have no documentation and I understand there is a standard health monitor for SMTP. First, is there a confiuration guide available somewhere? If not, can someone please post the standard SMTP health monitor? Thank you, CO
-
Measure the attenuation and transmission power
Gentlemen, I have a A10 TH930 in my infra and I'd love to know if is possible to measure the transmission and attenuation power (dB) of my optical system. Are there some specific command in A10 Cisco like: # show controllers [interface] phy ... Thresholds: ... Temperature: 28.484 Voltage: 3.317 Volt Tx Bias: 3.630 mAmps Tx…
-
aFleX to send traffic to a multiple pool based on the hostname and redirect to U
How to send the traffic to multiple pools based on hostname and redirect URI to path I am trying below script but it is not working. Can some one tell me working script. when HTTP_REQUEST { if {[HTTP::host] matches "abc.in" and not ([HTTP::uri] starts_with "/abc-api") } { HTTP::redirect "http://abc.in/abc-api/login" pool…
-
Question for initializing tcp session
Hi all, Loose initiation is One of the profiles options on F5 and it is useful for stateful services. The Loose initiation option allows the BIG-IP to initialize a connection when any TCP packet is received, rather than requiring a SYN packet for connection initiation. I'm looking for the option like Loose initiation in…
-
aFleX - Request client certificate to authenticate .
It can request authentication key when the url https://meudominio.com/LoginCert or https://meudominio.com/RegisterCert is accessed ? Below is a sample configuration when CLIENTSSL_CLIENTCERT { set client_cert [SSL::cert 0] log local0. "[X509::whole $client_cert]" } when HTTP_REQUEST { if {([HTTP::uri] starts_with…
-
How to perform server and port health monitors in transparent mode
I am setting up new A10s configured in transparent mode. There are many VLANs in use and eth1 connects up to the firewalls, and eth2 connects down to the switches. Both ports configured as trunks. I use a customer partition, so on the entire device the only IP addresses in use are the mgmt0 interface, and a dedicated vlan…
-
Source IP Load Balancing w/ class-list
################################################### aFleX script to provide Source IP load balancing# decision for a service-group.# (Currently this is not supported with bw-list in ADP)## The class-list for the IP list is called# "cl-ips" (default) and has# to contain the following data:# / # # For example:# 10.10.10.0…
-
VRRP
Hello I wonder whether the setting of the VRRP MD5 Settings If possible, I hope you tell us a little CONFIG Thank you for you
-
A10 for Transparent Proxy Authentication
Hi guys, I'm not sure whether I should post it under general or aflex subforum because I don't know if it will need aflex or not. The idea is I'd like to add authentication simultaneously with current transparent proxy system using WCCP and Squid. While Squid states in its FAQ that it can not use authentication with…
-
Cisco Twinax Cables
Hi Everyone, I am looking to connect a couple of 3030S to some Cisco Nexus 5k switches using 10Gb interfaces. The cheapest option would be to use Twinax cables rather than buying individual SFP+ modules for both the A10s and Ciscos. I have asked A10 Support if Twinax cables are supported and got the the following reply:…
-
Block Exchange ECP externally
I am trying to block Exchange ECP(2013)from external access. I am having issues with the aFlex rule below: when HTTP_REQUEST { if { HTTP::uri] starts_with "/ecp" } { drop } } In the GUI I get a Warning: aFlex syntax error:line 3;"syntax error in expression"Http::url]starts_with "/ecp" ":variable ref.."" What have done…
-
Edit aFlex redirect rule to play a bit nicer with URL
Hello, I am hoping there is an aFlex solution for what I'm trying to do - I currently have an aFlex rule that is: when HTTP_REQUEST { if { not([HTTP::host] equals "www.mydomain.com")} { HTTP::respond 301 "Location" "http://www.mydomain.com" } } Basically saying that if the user does not type www., a hard redirect will…
-
tcp-options
Hello, We're migrating our current LB from ACEs to A10. One particular Sfarm on ACE has the following option: parameter-map type connection TCP_IDLE_30 set timeout inactivity 1800 set tcp timeout half-closed 600 tcp-options selective-ack allow From Cisco: selective-ack - Allows the ACE to inform the sender about all…
-
Draining a Virtual Service
Hi All, I am setting a A10 vThunder running 4.01 for a Oracle forms instance.... the DBA team would like to drain the virtual service for when a maintenance window takes place. I have looked in to the Graceful shutdown either I'm not configuring it right or some thing else is happening because if I disable a server it just…
-
health monitor snmp
Hello, I need information about health monitor SNMP because I need to pass that configuration of CISCO to A10. Cisco: probe snmp snmp_tomcat7djwfp port 161 interval 3 faildetect 5 passdetect interval 5 community monsti oid iso.3.6.1.4.1.2021.8.1.101.1 type absolute max 666667 threshold 3000 A10; health monitor…
-
CLI command to display cert info
I need to keep track of several devices and their cert expiration dates. Is there a cli command to show me all the device certs with their expiration dates?
-
log unknown
Hello, Today I have a problem with A10 Networks version 2.7.1-P1. when I saw the information about "#show log", I didn't understand the problem because I never had seen the following information: Sep 21 2015 09:18:31 Notice [LOGGING]:A10LOGD received partition creation event from daemon. Sep 21 2015 09:18:31 Notice…
-
External Health monitor - check SNMP info from servers
Hello, I´m having the following requierement: Need to get the snmp information of the servers I´m load balancing, and when the CPU and MEMORY pass over 90%, put this server on maintenance mode, so won´t receives new clients, but still maintains the connection for currents clients. Then, after the CPU and memory decreases…
-
Health Monitor - POST xml
Mark Cronin -- 9/11/2015 Please can you help - I am trying to create a health script that POSTs an XML request to a server and expects a 200 OK code back. Here is the XML reqest <?xml version="1.0" encoding="utf-8" ?><Request type="Heartbeat"><Field name="ChainCode">191</Field><Field name="PropertyCode">191</Field><Field…
-
how to ssl offload ftp
Hello, I was wondering is it possible with firmware 2.7.2-P4 on a Thunder to ssl offload ftp. I tried it with the ftp-proxy type where i can assign een client ssl but if i do a telnet to port 990 i still get a plaintext response. With regards, Richard
-
Can I refer to an ACL within an aFlex?
Hi there, I have two pools that should explicitely be used depending on the clients source IP-adresses, and this already seems to works with the following aFlex example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } { pool POOL1 } else { pool POOL2 } } The problem is, that we have multiple…
-
Virtual service with https_redirect monitoring
Hello, We have a few VServices configured with an A-Flex script for https_redirect. When monitoring the VIP, this VService is shown as "Functional Running", with the green arrow and little red arrow on top. I believe this is because we dont have any Service Group associated, since its only redirecting taffic to another…
-
Controlling against the specific DNS query
Hi All, I have one private DNS server in ineternal area and one ACOS device. All of traffic destined to ACOS device. I looking for how to control the DNS request query to the public DNS in the internet. Drop the query from internal to internet and then show the internal user the warning page or redirect the qurey to…
-
SSl Insight not working
Hello Everyone, Please I'd appreciate your cooperation on this issue Currently I have two appliances connected as back to back for ssl insight, 1 internal and the other external, after making the configuration many times as per the guide, 443 is not working, I can reach http website, but nothing to https regarding the…
-
Backup ACOS 4 configuration using Api
Is there an example available that allows me to backup the system configuration of the A10 using ACOS 4 via aXapi?
