-
Aflex inside another Aflex
Hi, I wonder if it is possible to use an Aflex inside another Aflex, for example: when HTTP_RESPONSE { if { [HTTP::status] == 404 } { Aflex "ERROR-404" } } Is this possible? Regards
-
slb template persist cookie template as command Aflex
How can I call an slb template persist cookie template as a command in an HTTP event? For example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 192.168.1.10] } { pool example_server_group SLB slb template persist cookie "test" } }
-
Cookie Persistence
I have seen that some people prefer to use Aflex for cookie persistence, while others prefer to use an SLB template. Which do you think is the best?
-
Redirect traffic based on Destination IP
Hi guys, I'm trying to redirect traffic based on destination IP using an Aflex, for example if an internal user sends traffic to 20.20.20.20 the A10 will redirect the traffic to a specified service group. Aflex: Test #1 when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 20.20.20.20] } { pool APACHE } } Test #2…
-
Destination IP rewrite NHLD
Hi guys, is there a way to rewrite a destination IP based on NHLD? For example, if an internal client sends traffic to the IP 1.1.1.1, the wildcard will receive the traffic and the A10 will rewrite the destination from 1.1.1.1 to 20.20.20.20
-
How can I use a VS IP as a source NAT in WILDCARD VS
Hi, guys. I've observed instances in various clients where an SLB VS is configured alongside NHLD. When an internal client accesses the Internet, the SNAT is typically a pool or auto-NAT, based on our configuration. However, there are scenarios where exceptions are necessary, and an internal client must use the SLB VS IP…
-
ACME SSL certificate rotation not updated on HTTPS port
I'm on ACOS 5.2.1-P6 using A10 ACME client to generate SSL cert/key pairs. No problem obtaining the files and applying these to templates. I then tested rotation using the "force" option. The new certificate was created and shows as "bound". However, the HTTPS port with associated client-ssl template is still using the old…
-
[T&C] Deploy DNS recursive resolver using Thunder CFW
In this article, we will see how you can deploy a DNS recursive resolver using Thunder CFW. Setup: This is what we want to achieve: By default, the Thunder device should resolve queries starting from the root servers. However, for the domain names ending in a10networks.com, it should use the response from a DNS service-group that…
-
F5 automap feature
Hi, I have one F5 with an iRule containing "automap snat". This functionality allows changing the IP when the destination is local to one of the F5 in order to prevent asymmetric routing. The automap option tells BIG-IP to decide what source IP to use to reach the destination network. iRule like this: when CLIENT_ACCEPTED {…
-
Unable to delete service-group
Please refer to the details below can delete unused service-group on standby device normally. After a few days, I can delete several service groups, but there are still a few that cannot be deleted. The same error message is displayed when deleting through the GUI. I think it may be related to the current session. Oct 28 2021…
-
Radius LB DSR Mode
Hi Experts, Do you have a technical reference for load balancing Radius Server in DSR mode? The traffic flow will be something like this (see attached image). I am not really sure if this is the right behavior so I am asking if you can share some good references with regards to this deployment. Thank you.
-
CGN + ADC
Hi, We have a 1040S that we use primarily for CG Nat. We also have 3 HTTP video servers that have high demand on our network, and are currently statically load balanced. Can I load balance them using SLB with my Thunder, while maintaining CGNAT functionality? Many thanks!
-
UDP session table aging - slb server forward packet reporting
I have two questions outlined below. But first the relevant config: When deploying / testing a RADIUS config with the following excerpt: slb template udp udp-fast-age idle-timeout 120 aging immediate slb virtual-server pa-rad-e2e x.x.x.x disable-when-any-port-down port 1812 udp service-group radius-public template udp…
-
Problem Insert Client IP in HTTP Header
We have configured an HTTP template to insert the client IP in the HTTP header. In the SLB VS configuration we have two Apache servers. The HTTP is working properly in Apache1, but Apache2 received the HTTP header with two X-Forwarded-For (IP Client and IP NAT). This is the configuration: A10PRO1-NEW-Active-vMaster[1/1][DMZ]#$…
-
DUO Dag servers behind A10 Thunders
Anyone out there have any experience configuring DUO Dag HA environment behind A10 Thunders? I have some questions regarding the SSL client/server certs, SSL offload, and the health monitors.
-
SNI and AFLEX
Hi all, I have a problem with aflex configured on a VIP with a SNI template applied. On the VIP I have exposed application for domain1 (the default certificate in the SSL template) and 2 services for domain2. SNI template is working fine but now I need to add on the VIP an aflex like this: #Rewrite if {[HTTP::host] matches…
-
SLB SCCM
Hello Guys: Does anyone here have a use case or experience setting up server load balancing for the Microsoft System Center Configuration Manager (SCCM) application server? Any feedback is highly appreciated. Cheers, netcrawler
-
Link Load Balancer using AX
Hi, Has anyone here deployed A10 AX as a Link Load Balancer with GSLB inbound traffic server mode or subdomain mode? Can you please share your running configuration as a reference? Kindly share your ideas about it. Thank you in advance
-
Supporting IMAP IDLE - AX SLB
Has anyone implemented multiple IMAP servers behind the AX2500 or AX3030 SLB and created custom configuration to support the IMAP IDLE function? The IMAP IDLE spec is here: http://tools.ietf.org/html/rfc2177 My initial thinking was to create TCP and TCP Proxy templates (we support both IMAP and IMAPS through SSL offload on…
-
promiscuous
What is a promiscuous VIP and why do we enable promiscuous when we use wildcard VIP 0.0.0.0?
-
Snat on vip clarification
Will I get the same result if I configure snat-on-vip, not configuring any snat or configuring snat with a snat pool that has the VIP IP address only? What is the difference between configuring: 1- slb snat-on-vip 2- NOT configuring any snat 3- slb snat source nat-pool with pool that include a single ip address which is…
-
Service group description using aXAPI
How can I specify a description when creating a service group using the aXAPI (REST API)? I tried specifying it under key 'description', but the created service group does not have the description. Also aXAPI does not show the description of a service group created using the Web GUI. I also want to edit service group…
-
Geolocated redirect aFlex
Hi team, Just a quick message to advertise a specific aFlex adaptation I had to do. The actual iR**le is defined as follows: when HTTP_REQUEST { set url [string tolower [HTTP::host]] if {$url ne "es.sites.xxx.com"} { switch [whereis [IP::client_addr] country] { ES { HTTP::redirect http://es.xxx.com } IT {…