-
Master Class List
Is it possible to create a master class list that would reference sub class lists?
-
1 VIP to 15 Websites same ports
Currently in the process of implementing A10, to replace our ISA 2006 server. Currently we use 1 external IP address for all our reverse proxied websites. We want to set up one VIP for access to these internal websites. All of these websites go over port 443 or port 80. Some of the websites are on separate servers but a few…
-
Use Nagios to Monitor VThunder
Does anyone know how I can use Nagios to monitor the vThunder server? Can I just treat it like a normal Linux box?
-
NTP Reflection Attack
Hello All, This aFleX may be used to protect against an NTP Reflection Attack (CVE-2013-5211). Apply this to the virtual service for NTP, udp port 123. # This aFleX detects and drops the NTP Reflection attack -reject Monlists # Refer to https://www.us-cert.gov/ncas/alerts/TA14-013A when CLIENT_DATA { binary scan…
-
BGP peering between 1030S and Juniper problem ?
Is there a known issue setting up BGP peering between (ACOS) version 2.7.1-P1 and Juniper? On our 1030S I couldn't set up eigrp connection between us and a pair of Juniper routers from our service provider. We kept getting this in sh ip bgp neighbors. Connections established 0; dropped 0 Capability error: unknown capability…
-
Proxy Pass Rule
Hi guys, I need a proxy pass rule to send the connection from /PortalTransparencia to /PortalTransparencia/HomeTransparencia. I can't use HTTP::redirect
-
DNS NXDOMAIN Attack Aflex
All, this may be used as a template to protect against DNS NXDOMAIN attacks. The aFlex will dynamically build a table of FQDNs based on observed DNS replies that are 'NXDOMAIN'. Entries are stored for an hour (3600 seconds). Subsequent requests for these FQDNs are blocked. when RULE_INIT { set ::holdtime 3600 } when…
-
Migrating ACE to A10 Thunder
Hi, We're currently migrating two ACE blades into two A10 1030 Thunder. Is there a tool available to migrate Cisco CLI config into A10 ACOS cli? Cheers, Vasco Costa
-
variable scopes only for one virtual server or one request
Hello. I want to operate multiple stage environments (development, staging, production) in a partition. For those environments, I want to use same aflex policies as many as possible. I had looked for use following aflex policies. staging_env.tcl when RULE_INIT { set ::global::target_service = "staging_service_80"}…
-
Health check from xAPI
How can I check if a service is up or down from the HTTP API (xAPI)? (The 'status' key in the server JSON only represents "enabled" or "disabled".) I think the CLI commands for getting the status are: health-test <ip> monitorname <name> health-test <ip> port <port> The system.performance.get method reports statistics for…
-
Simple Connection Rate Limit
I'm having some really odd results in using the following aFlex rule. I would expect that the logic would reject inbound requests for a period of 20 seconds following 10 consecutive bad requests. After 5 (not 10) I see the blocks and once the delay time has expired I see the requests fulfilled. However without sending any…
-
AX3400 and dynamic IP NAT configs?
So I've upgraded to 2.8.1-SP1 and am setting up dynamic NAT. Still rather new to the AX platform(s), so I'm walking through the config with the admin guide and the 2.8.1 release notes ... The 2.8.0 admin guide has "ip nat inside source list acl-name pool {pool-name | pool-group-name}" for the mapping of the ACL to identify…
-
Snat on vip clarification
Will I get the same result if I configure snat-on-vip, not configuring any snat or configuring snat with a snat pool that has the VIP IP address only? What is the difference between configuring: 1- slb snat-on-vip 2- NOT configuring any snat 3- slb snat source nat-pool with pool that include a single ip address which is…
-
"Sorry page" and connection limits
Hello I've been looking into 2 things, the first being a sorry page for when our servers are down and I'd like to have my page in the loadbalancer. Is aflex the best solution to this? To do a simple check if our SGs are down, display sorry page instead? Can the LB display HTML only or is it possible to have an image in…
-
Lost Enable Password
I have two AX 2500 units that were purchased used off of eBay, and the enable password for these units is unknown. I can log into both units with the default admin info however when trying to go into enable mode the unit prompts me for a password which is unknown. As long as I don't lose any licensing info resetting…
-
Zone transfer \ AXFR
Hi all, I'm trying to configure the AX so that it will be the primary DNS for a domain. The domain is configured and functional for single UDP type queries (single sub-domain query) but for some reason AXFR queries are being dropped. When I capture the request on the 'Debug gslb' I get an error stating "wrong query type" Is…
-
AX handling of Connection Limit
Hello I've been looking into making our AX3030 handle max connections towards our appservers so it doesn't let it overload the appservers and I can't find much info on how it handles connection limits and how we can fine tune it. First, I'd like a definition on Connection Limit, is it the amount of http requests? Another…
-
Using array of URLs to block access?
Hello I'm having issues with creating an aflex that has an array of urls that I want to block access to through the AX. I don't know how to handle the array correctly. I want to redirect to the site root whenever someone tries to access these urls. I've tried different variants of this script (that I tried to construct…
-
Selective debug
Hello, I wish to be able to make A10 add debug header information in the response header when I add a certain header in the request. I don't want all the requests to be in debug mode, just the one I send. I ended up with this code: when HTTP_REQUEST { set ::DEBUG 0 # detection debug if { [HTTP::header exists "X-Debug"] }…
-
REST aXAPI service group member
Hello, I am trying to enable/disable a service group member using the aXAPI REST interface. I have managed to get connected and read the state using REST/JSON. I can read the state using REST/JSON with the method…
-
Geo-Location db
I am looking to start using geo-location with our GSLB config. The pre-loaded IANA db doesn't seem very specific within a country - or maybe I'm just reading things wrong. A problem I also see with this is that our physically diverse locations both show under the same net range in ARIN; since IANA doesn't I can't assign…
-
AX Series Inbound Link Loadbalance Tutorial
Dear All: Where can I find the document about AX Series Inbound Link Loadbalance sample config or tutorial? Thanks
-
VIPs and routed solutions
Looking for the pros and cons of where VIPs are defined. In a layer 3 setup a VIP can be either 'in front' of the AX (in network x) or defined 'behind' the AX in the same network as the real servers (network z). What's the recommended best practice and or under what situations would you use the alternative (your not best…
-
vThunder 30 days trial - default login/pass not working
Hi All, I got the 30 days trial version of vThunder virtual appliance and I get the login prompt but the default admin password is not working. Both CLI (SSH/console) and web GUI are not accepting the default password. Any idea guys? error msg -- Jan 31 2014 09:52:29 vThunder a10logd: [SYSTEM] The user, admin, from the…
-
Moving config to new context
I installed a new AX1030 and have completed the configuration but now we have decided to put that config into another context. So how do I move a config file from one context to another?
-
Determine Source IP and Port
I am totally new to aFlex so naturally, am totally lost. I have a VIP that I want to capture the source IP and port number. I have some success with the following: when HTTP_REQUEST { HTTP::header insert "X-Forwarded-For" [IP::client_addr] } This gives me the IP but only if it is http, not https (http_request error).…
-
MS Dynamics CRM 2011
Good Morning, Just starting with putting a Dynamics CRM 2011 installation behind our AXs. Had a look and can't see any specific documentation on A10's site, and was wondering if anyone else has done this before and got any pointers or gotchas they'd like to share. Cheers Stuart
-
traceroute error
I log in to the AX1000 console. And then, I traceroute 8.8.8.8. But it replies to me: AX1000-11#traceroute 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 40 byte packets 1 google-public-dns-a.google.com (8.8.8.8) 6.098 ms 6.022 ms 6.012 ms 2 google-public-dns-a.google.com (8.8.8.8) 2.015 ms 1.959 ms 1.950 ms 3…
-
F5 Config Migration Check and Help Needed
I got an orphan F5 require migration where encounter intermittent on services, the weird part is we are unsure of the services method; As from F5 we see the following which is unsure what it used for and require assistance to understand; - Listener 10.160.1.42 -> What is the use of this Listener? - Default route used Router…
-
Service group description using aXAPI
How can I specify a description when creating a service group using the aXAPI (REST API)? I tried specifying it under key 'description', but the created service group does not have the description. Also, aXAPI does not show the description of a service group created using the Web GUI. I also want to edit service group…