-
setting up keys for periodic backup?
Somewhat confused on the periodic backup option as there seems no way to setup keys (or not preferred a static user/password) between the a10 and the remote server where I want to send the system backup. This means that while SCP is listed it's not possible as it will request a password rendering an automatic backup…
-
Error when creating partition
Hi Gurus, I've a strange error when creating a new partition: shlbpr01-Active-affinity-def-vMaster[1/1](config)#partition PROD network-partition Creation of partition 'PROD' failed: Can not open WAF policy file. Note that partation is still created. Any ideas what is missing ? Thanks & Best Regards, Jean-Christophe
-
GSLB deployment stages explanation needed
Hello Gents, I'm new to A10's GSLB and have difficulties to make PoC for customer. Customer has toplology similar to those in attach. 2 ADCs must be deployed on the 2 different POPs where real servers deployed (WEB on POP1 and DNS on POP2). There is full ip connectivity between test PC on top of scheme and VIPs on the…
-
Health Checks in Multitenancy and DDNS in GSLB environment ?s - Training Class
Questions from our Customer Training Course: Health Checks in a multitenancy environment – how it interfaces with AX when recovering environment is not active? How to reduce the latency for failover? How to mitigate services for Dynamic DNS in a GSLB environment? Are there any benefits for DDNS in a GSLB environment?
-
add URI to request
How do I add a URI suffex to an HTTPS request using aFlex? https://domain.com (add /page/page1.htm) https://domain.com/page.page1.htm
-
Copy X-Forwarded-For into custom header
Hi, Does anyone know if there is a way to copy the source ip from "X-Forwarded-For" into a customer header? We're trying to preserve the true source IP from users after traffic is sent to our A10 from a proxy firewall and our application uses a custom header for specific functionality. I'd imagine this is plausible with…
-
aFleX: Bruce Force Attack Protection
Hi A10 vADC Community, I would like to share to the A10 vADC community a custom aFleX script created by an A10 SE(Jose S.). This aFleX script mitigates and protects the A10 ADC from BruteForce attacks. This is a very useful script and customizable based on parameter preference. I strongly suggest to implement this script…
-
bypass traffic on A10
Dear everyone, I have one AX3030. My boss requires to deploy A10 load balancing ADC: when A10 fails, all traffic will bypass A10 and the traffic will be no interrupted. Which mode deployment of A10 supports the above requirement? Thanks for support. Khang
-
Doable? VIP on one network, real servers on another
Hi Folks, I have my AX's in one-arm mode. Normally I create a VIP and set a Source NAT IP that are both on the same network as the real servers. EG. VIP 10.10.10.200, SNAT 10.10.10.199 to 10.10.10.200, and real servers 10.10.10.30 and 10.10.10.31. Is it possible to change the VIP to another network? EG. somewhere on…
-
Backup AX from script?
Posted by rvandermey Does anyone have a way to backup an AX via a script? I'd like to schedule a daily backup of the config. I've tried using plink.exe to automate an ssh session but I'm not having any luck. This is what I see when I use -v for verbose output: Connecting to 172.25.85.250 port 22 Server version:…
-
Force persistence to a server for testing
################################################# # # Test specific server in pool # (c) A10 Networks -- MP # v1 20140128 # ################################################# # # aFleX script that allows you to create easy # persistence to a specific server in a pool. # # To test: http:///test: # To stop: http:///notest # #…
-
making a http site https
Posted by jmaddox is there a "fill in the blank" aflex that can be used to rewrite hardcoded hrefs in ssl offloaded applications?
-
Comments in Class List how to?
Can you put a comment in a class list like you can with an aFlex. We have a large number of IP Addresses and I would like the ability to comment who they are #Example 210.54.2.83 /32 203.41.229.134 /32 157.155.224.6 /32 157.155.224.7 /32 is it s # or a ; for comments? thanks in advance Bryce
-
MS APP-V
Hi, Is anyone using A10's to load balance MS App-V streaming servers? I am struggling to find any documentation so was hoping someone may have already done this and could share their experience. Cheers Darren
-
CSR for Wildcard SSL Cert
Just submitted a tech support ticket for this. How would I generate a CSR to purchase a Wildcard SSL Cert? I've used SANS certs before and it is no different than purchasing any other cert, you just define the SANs on checkout at the CA. I think a wildcard might be different. Has anyone here used a Wilcard SSL Cert on the…
-
GSLB with Proxy Server Deployment
Hello, Is there is any deployment guide especially for Explicit Proxy Servers load balancing using GSLB? i got the general GSLB guide already. I want to do GSLB for our proxy servers deployed in different location and we are using local subnet. Br, Faisal
-
Master Class List
Is it possible to create a master class list that would reference sub class lists?
-
1 VIP to 15 Websites same ports
Currently in the process of implementing A10, to replace our ISA 2006 server. Currently we use 1 external ip address for all our reverse proxied websites. We want to setup one VIP for access to these internal websites. All of these websites go over port 443 or port 80 Some of the websites are on seperate servers but a few…
-
Use Nagios to Monitor VThunder
Does anyone know how I can use nagios to monitor the vthunder server? can I just treat it like a normal linux box.
-
NTP Reflection Attack
Hello All, This aflex may be used to protect against a NTP Reflection Attack (CVE-2013-5211). Apply this to the virtual service for NTP, udp port 123. # This aFleX detects and drops the NTP Reflection attack -reject Monlists # Refer to https://www.us-cert.gov/ncas/alerts/TA14-013A when CLIENT_DATA { binary scan…
-
BGP peering between 1030S and Juniper problem ?
Is their a known issue setting up BGP peering between (ACOS) version 2.7.1-P1 and juniper. On our 1030S i couldn't set up eigrp connection between us and a pair of juniper routers from our serviceprovider. We kept getting this in sh ip bgp neighbors. Connections established 0; dropped 0 Capability error: unknown capability…
-
Proxy Pass Rule
Hi guys, I need a proxy pass rule to send the connection from /PortalTransparencia to /PortalTransparencia/HomeTransparencia I can´t use HTTP::redirect
-
DNS NXDOMAIN Attack Aflex
All, this may be used as a template to protect against DNS NXDOMAIN attacks. The aFlex will dynamically build a table of FQDNs based on observed DNS replies that are 'NXDOMAIN'. Entries are stored for an hour (3600 seconds). Subsequent requests for these FQDNs are blocked. when RULE_INIT { set ::holdtime 3600 } when…
-
Migrating ACE to A10 Thunder
Hi, We're currently migrating two ACE blades into two A10 1030 Thunder. Is there a tool available to migrate Cisco CLI config into A10 ACOS cli? Cheers, Vasco Costa
-
variable scopes only for one virtual sever or one request
Hello. I want to operate multiple stage environments(development, staging, production) in a partition. For those environments, I want to use same aflex policies as many as possible. I had looked for use following aflex policies. staging_env.tclwhen RULE_INIT { set ::global::target_service = "staging_service_80"}…
-
Health check from xAPI
How can I check if a service is up or down from the HTTP API (xAPI)? (The 'status' key in the server JSON only represents "enabled" or "disabled".) I think the CLI commands for getting the status are: health-test <ip> monitorname <name> health-test <ip> port <port> The system.performance.get method reports statistics for…
-
Simple Connection Rate Limit
I'm having some really odd results in using the following aFlex rule. I would expect that the logic would reject inbound requests for a period of 20 seconds following 10 consecutive bad requests. After 5 (not 10) I see the blocks and once the delay time has expired I see the requests fulfilled. However without sending any…
-
AX3400 and dynamic IP NAT configs?
So I've upgraded to 2.8.1-SP1 and am setting up dynamic NAT. Still rather new to the AX platform(s), so I'm walking through the config with the admin guide and the 2.8.1 release notes ... The 2.8.0 admin guide has "ip nat inside source list acl-name pool {pool-name | pool-group-name}" for the mapping of the ACL to identify…
-
Snat on vip clarification
Will I get the same result if I configure snat-on-vip, not configuring any snat or configuring snat with a snat pool that have the vip ip address only? what is the difference between configuring: 1- slb snat-on-vip 2- NOT configuring any snat 3- slb snat source nat-pool with pool that include a single ip address which is…
-
"Sorry page" and connection limits
Hello I've been looking into 2 things, the first being a sorry page for when our servers are down and I'd like to have my page in the loadbalancer. Is aflex the best solution to this? To do a simple check if our SGs are down, display sorry page instead? Can the LB display HTML only or is it possible to have an image in…
