-
Upgrade 1030S - 2.7 to 4.1
Hello. I trying to update TH1030S running 2.7.1 to 4.1.1 but this error: "Please ensure enough space left in disk, a file system error was detected on the ACOS Web Server." PS: I tried via CLI/tftp and WEB. Any idea?
-
Inter partition Routing
Hello I am trying to do a Inter partition Routing, i did two lv3 partitions, one partition has 1 port with the network 10.0.0.0/24 and the other partition has other port with the network 11.0.0.0/24 but when i do a ping it says network unreachable ! partition P_IPSEC-1 id 5 application-type adc ! partition P_VXLAN-1 id 6…
-
Retrieve the highest number of requests
If I want to add one more rule which is to black list the highest number of DNS query when the total number of DNS queries exceed the threshold value (i.e. $totalcount). How can I retrieve the IP address which has the highest number of DNS query? set totalcount [table incr tmp_table [IP::client_addr]] if { $totalcount >…
-
What should be the format of class list for IPv4 and FQDNs
I've have been trying to create class lists for IPv4 and FQDNs by importing files hosted on a separate web server. What should be the format of the data in the files? I tried the following but keep getting the error "invalid format at line 1". Is the format below correct for FQDNs What should be the format for IPv4? str…
-
total connections
I want to see the total number of connections per VS server in a period of time in A10, how to view ?(for example, what is the total number of connections per IP in the past month)
-
Routing Traffic Via Inactive VRRP-A Machine
Hello everyone, since we're seeing weird timeouts to external services with any of the more recent versions greater than 5.2.1-p2, support suggested to set up some sort of debug environment for them to check. Is it possible to route traffic from physical servers via a virtual ethernet interface on the inactive machine…
-
Redirect 302 with aFlex
Hello, I need your help and knowledge on A10 with aFlex. I am trying to create a 302 redirect for a site that is published on the internet but when testing the redirect it does not execute it, this is my code so that you can guide me: when HTTP_REQUEST { if {[HTTP::host] == "https://recargaweb.imperial.com/" } {…
-
Block harmful traffic or attack via Websocket traffic
Hi Experts, We have a web server is running some services via Websocket traffic. Now we want to block harmful traffic, attacks like SQL Injection, XSS... like the WAF template works with HTTP traffic, but now is WebSocket traffic. Could you give me a detail aflex script or WAF template to do that. (One more point, we…
-
CGNAT + VRRP-A
Hi everyone, I have a new challenge and it is the following I have a CGNAT solution already implemented in datacenter #1 but they bought another appliance and they are going to put it in datacenter #2 which is several kilometers away. So I was assigned the task of configuring the VRRP-A solution between the two appliances…
-
Control CPU reaches 100 percent
Dear All, I m using A10 Thunder 1040. I observed that Control CPU is reaching 100 %. Please define What is control cpu? what is data cpu? How do I limit Control CPU for reaching 100 %. Would there be any impact on ADC functionality in case of 100% control CPU? Waiting for reply.
-
[T&C] Deploy NAT64 and DNS64 with Thunder CGN/CFW
In this article, we will see how you can deploy NAT64 with DNS64 using Thunder CGN/CFW to enable IPv6 clients to access IPv4 resources. Setup Here is an overview of the setup and the overall functionality (DNS64 and NAT64): Base configuration Here we have the following base configuration on the Thunder device: ip dns…
-
ospf filter routes
Dear community, I have a scenario where one CGN have two internal routers with OSPF, each one have his own process ospf in the CGN, both routers publish one network in commun with the same distance and metric. The CGN select one of them to put in FIB, but, we need to put in FIB table the route anonced by the second router…
-
[T&C] Use Postman for A10 aXAPI calls
Postman is well known test tool and very convenient when it comes to executing APIs. It provides not only variety of API functionality including authentication, setting headers, customizing the payload, but also collaboration functionality for the teams dealing with API projects. This article explains how you can use…
-
Virtual Server with 443 (HTTPS)
Dear, I am new to A10 and I need to create a virtual server with a service group and its real servers in 443. When I finish the configuration and test the site in the browser, it gives me the following: bad request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an…
-
AxAPI Export or Download example?
I'm wanting to snag the fixed-nat port mapping file periodically and save it elsewhere, or in a database. I have managed to get the list of files, but I can't seem to figure out the export command. Could someone by chance share an example of how this would be done? In a perfect world i'd like to hit the API, get the file…
-
How to set up Harmony Controller ?
In this article, we will look at how to set up Harmony Controller after activating Controller and Thunder licenses. The next steps are to: 1. Check Networking Pre-requisites 2. On-board Thunder to Harmony Controller 3. Viewing Analytics and Insights Step 1: Check Networking Pre-requisites Communication between Harmony…
-
How to get started with vThunder Free trial ?
In this article, we will look into how you can sign-up & quickly set up your vThunder free trial in 30 minutes. This trial allows you to explore and test the benefits of A10 application service capabilities Convergent Firewall (CFW), Application Delivery Controller (ADC), Carrier Grade Networking (CGN), and SSL Insight…
-
virtual-server with two service-group
Hi team I've a virtual server with a specify IP, but I need associate differentes service-group because the service will be use always the same IP. How I can associate for the same port (in my case 80) differents service-group for SLB? Thank you
-
CVE-2022-0778
A10 PSIRT says: To mitigate this issue for ACOS management plane, avoid importing / exporting files using the HTTPS transfer method. Does it include GUI operation, which ACOS works as HTTPS server and does not verify certification and accept EC parameters either.
-
Get started with Harmony Controller Trial
Harmony Controller offers single-pane-of-glass management and analytics for A10 secure application services, including A10 Thunder® ADC, SSLi®, CFW, and CGN across on-premises data centers and public, private, and hybrid cloud deployments. It improves agility and efficiency with automation, thus reducing the need for IT…
-
[T&C] Getting started with Thunder ADC configuration using Terraform
In this article, we will see how you can use the Infrastructure as Code (IaC) tool Terraform to configure the Thunder ADC. The current configuration of the Thunder ADC is as follows: vThunder#sh runn !64-bit Advanced Core OS (ACOS) version 5.2.1-p2, build 117 (Jul-10-2021,17:40) ! ip dns primary 8.8.8.8 ! timezone…
-
Management port
Hi team Im new with ACOS software. How I can setup the management port and assign an address IP? Thanks,
-
SSLi in perimeter
Has anyone placed SSli in perimeter with ISP cables connected to it. I need decrypted traffic for my proxy & Perimeter firewall. Re-encryption happens after perimeter firewall. Can I keep the NAT, ISP IP, routing in perimeter firewall itself. SSLi-Out would have ISP cables connected and recencryption happening
-
SSLi traffic bypass
does SSLi has any hardware bypass option. Incase a device failure happens SSLi bypass all traffic?
-
Problem with ip nat pool configuration not deletable
Hi Everyone We have a problem with our TH1030S cluster(two TH1030S, VRRP-A and VCS). Advanced Core OS (ACOS) version 4.1.4-GR1, build 78 . I can't erase the following ip nat pool configuration. ip nat pool 172.17.12.0 172.17.12.11 172.17.12.30 netmask /24 ``` #no ip nat pool 172.17.12.0 NAT pool is in use. Try again after…
-
APPLICATION ACCESS MANAGEMENT Deployment
Hello everyone! I was asked by my company to provided a solution to deploy 2nd factor authentication for our web applications, without having to recode the application. I know there's some platforms as auth0 that can be used for this, but I'm just trying to find if it's possible to do it with the equipment that we already…
-
How to fix this issue for CVE-2011-1473
How to fix this issue for CVE-2011-1473
-
What is solution of A10 for API?
Hi everyone, Our customer have a web service system communicate with mobile app via API (RESTful API protocol). Now they want to a solution of A10 to support and protect this API. I have informed that is aXAPI, right? Please give me some advice about this issues Thanks
-
Thunder Kubernetes Connector with Thunder ADC
In this article, we will see how Thunder Kubernetes Connector (TKC) can dynamically configure the Thunder ADC for load-balancing traffic to a Kubernetes cluster. Setup The K8s cluster consists of: Master: 172.16.1.12 Node: 172.16.1.13 Node: 172.16.1.14 The Pod network is 192.168.0.0/16. The K8s version is: $ kubectl…
-
Realtime Memory High Performance
Hi everyone, I have a TH3030S device always in high performance of Realtime Memory status (85% - 88%) Although I have not set anything, only set ip management. How can I fix it and what is the root cause? Best regards!
