-
Can we test the ADC features on the A10 CFW?
The customer wants to test Web Application Firewall and load balancer feature on the A10 Thunder ADC. Currently, we do not have an A10 Thunder ADC physical appliance but do have an A10 Thunder 3350-E CFW. Can we test the ADC features on the A10 CFW? The customer specifically requests testing for the following ADC…
-
Configure VIP
Hi All, I have a model with Trunk, VLAN, LACP configured on 2 ports connecting to 2 Firewall servers and clients. However, from A10 I can ping the server and client. From the client I can ping the VE on A10, but cannot ping the VIP. Thanks
-
Static NAT
Hello! I would like to request your help, I have a thunder which is performing the nhld function with two ISPs and 3 published sites, internet browsing and published sites work correctly, but there is a nateo that is made from one of the ISPs to a Private IP address (LAN) this nateo is used for SSL VPN connection in a…
-
How to perform a case-insensitive match of the requested URL path.
Hello, How can I perform a case-insensitive match for the requested URL path? For example: when HTTP_REQUEST { if { [HTTP::path] equals "/NotificationServer" } { pool example_service-group } } And a case-sensitive example is: http://host/NotificationSERVER Regards
-
Virtual Server UP/Down check via API
Hi all, I want to know is it possible to check if the slb virtual server is up or down via API ?
-
GSLB Site
Hi When the GSLB Gateway site fails, do the SIPs related to this site go down in the gslb zone?
-
Redirect traffic based on Destination IP
Hi guys I´m trying to redirect traffic based on destination IP using an Aflex, for example if a internal user sends traffic to 20.20.20.20 the A10 will redirect the traffic to a specified service group Aflex: Test #1 when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 20.20.20.20] } { pool APACHE } } Test #2…
-
"msg": "Could not create health monitor -> Reach max account limitation”.
While adding addition health monitors on our exsisting TH1080 A10 boxes we are getting below error "msg": "Could not create health monitor -> Reach max account limitation”. Is it something related to resoures for health monitors reached maximum ?
-
DNS Response as Authoritative from GSLB server mode A10
Hi I want to configure the a10 to response as Authoritative so when someones quieres a FQDN in the A10 as server mode they will get the Authority flag = 1 I attach some screenshoots from my lab As you can see in the second screenshot authority = 0 Thanks for the help!
-
SNAT from Health Monitor
Hello First time posting here and new to A10..... hopefully I'm within guidelines :-) I'm currently trialing the 4.1.4 P10 software in our lab and can't get the real servers to come up. The reason is, the real servers are UAT servers in the prod network but the ADC is in our lab, where the IP's are not routable from prod.…
-
F5 automap feature
Hi, I have one F5 with irule contain "automap snat", this functionality allows changing the IP when the destination is local to one of the F5 in order to prevent asymmetric routing. The automap options tells to BIG-IP to decide what source ip to use to reach the destination network. I rule like this when CLIENT_ACCEPTED {…
-
virtual-server with two service-group
Hi team I've a virtual server with a specify IP, but I need associate differentes service-group because the service will be use always the same IP. How I can associate for the same port (in my case 80) differents service-group for SLB? Thank you
-
[T&C] HTTP/HTTPS URL Filtering with Thunder ADC/CFW
In this article, we will look at how you can do HTTP/HTTPS URL filtering using Thunder CFW. Download and install web category license and database First, make sure you have the web category license on the Thunder device: vThunder#sh license-info…
-
TACACS with Cisco ISE
I have been trying to set up TACACS authentication via Cisco ISE on an A10 ADC, but haven't been able to find much for configuration documentation, options and examples. Does anyone have any of these? Or know where I could find them? Any assistance would be greatly appreciated. Thanks
-
How to add interfaces to an existing trunk-group in aVCS environment with ADP.
Hello everyone. I hope you are great. We have this problem: We have a cluster of two A10 Thunder 930 with aVCS and 8 L3V partitions. Both Thunder 930s have two Ethernet interfaces in a trunk group with LACP. All partitions (including the "shared" partition) use this trunk group. We need to add ethernet interfaces to the…
-
An issue of Link Load Balacing with ipv6
When I update the BW-List with IPv6,something wrong with that,following is the output: "BW-List was updated, but failed to parse file. There are 10 parse errors in line 1, 1, 2, 2, 3, 3, 4, 4, 5, 5 in Black-White List chinaalli_pv6."
-
A issue about session persistence
Clients access the VIP by SSL VPN,all the client's ip was NAT to sslvpn ip-10.182.21.141,so the A10 load balalncing the request to single real server and port,the A10 use source ip persistence method. At the end,all other real server has no http request,all requst go to the same one real server-10.182.43.171:9002. so how…
-
Radius LB DSR Mode
Hi Experts, Do you have a technical reference for load balancing Radius Server in DSR mode? The traffic flow will be something like this(see attached image). I am not really sure if this is the right behavior so I am asking if you can share some good references with regards to this deployment. Thank you.
-
[T&C] Automate Application Delivery Operation Tasks with A10 and HashiCorp NIA
This article describes how you can use Thunder ADC integrating with HashiCorp Network Infrastructure Automation (NIA) solution which focuses on Day-2 networking tasks automation that can reduce the burden on operators caused by manual ticketing systems. This solution consists of four components including HashiCorp…
-
http response status stats
Hi, On ADC with ACOS 4.1.1 by default http response stats sampling works on real servers ports, but not on VIP. After upgrade to 4.1.4 situation was reversed - http response stats sampling works on VIPs, but not on real servers ports. Configuring on server port "sampling-enable all" (or specific field) do nothing. slb…
-
Migrate ADC
Hi everyone, I need your recommendation , what is the best way to migrate all my configuration of 1040 appliances to 3350. I tried use backup and restore, but some objects don't work properly and snmp trap don't Send nothing. Best regards
-
Application Network Visibility using the Prometheus and A10 Thunder
This article describes how to set up Thunder ADC and Prometheus to gain application network visibility and operational insights using a visualization tool like Grafana. A10 Thunder supports a logging system to monitor resources like system (CPU, Memory usage), interface statistics, as well as service metrics and…
-
How to deploy Thunder Container ?
This article provides you the steps on how to deploy A10 Thunder in the cloud native environment. What is Thunder Container ? Thunder Container is a containerized ACOS image that is deployed by using Docker on a host operating system. It can be configured to operate as an Application Delivery Controller (ADC), Convergent…
-
Ansible Playbook Examples for ADC Features
This article provides some Ansible playbook examples for application acceleration and optimization features for Thunder ADC shown below. Each playbook uses the respective acos_axapi module for that feature. A10 acos_axapi module set consists of more than 1,600 modules. Module set can be downloaded from GitHub Repository:…
-
How to automate basic Thunder ADC config using Ansible ?
Ansible is an open-source software tool facilitating configuration management, application deployment, IT, and infrastructure automation. The playbook used in this article provides the steps on how to configure basic Layer 4 VIP (virtual server) on Thunder ADC using Ansible. The playbook contains four “tasks” and uses…
-
Automated Service Discovery using HashiCorp Consul
This article describes how to use the Thunder ADC integration with HashiCorp Consul for automated application delivery. Thunder ADC directly polls associated services catalog from Consul periodically while serving user traffic for load balancing and application security. When service status changes are detected on the…
-
Renaming a partition?
Hi everyone: I'm wondering if it is possible to rename a partition. We have a "test partition" that suddenly became productive, so the current name isn't appropriate now. Any ideas?.... Thank's in advance
-
LB persistence in source-ip template VS. method in service-group
Hey All, Can anyone tell me the difference between enabling persistence in a source-ip persist template applied to a virtual server vs. enabling the src-ip-only-hash method in a service-group? Both seem to say the same thing and if so which would take precedence? (if the other were configured otherwise) slb template…
-
DUO Dag servers behind A10 Thunders
Anyone out there have any experience configuring DUO Dag HA environment behind A10 Thunders? I have some questions regarding the SSL client/server certs, SSL offload, and the health monitors.
-
reverse proxy skype for business AX1030
Hi, I'm hoping someone can direct me to a guide or blog that can help me setup a reverse proxy instance for our on-prem Skype for Business setup. I found an older guide for the AX series, but it's for lync running on windows server 2008. I recently upgraded to Skype4Bus 2015 & it's running on windows server 2012 STD…
