Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by guru

  1. Pool For this Application Template the following needs to be checked Properties LB mode: [ dynamic-ratio-member,dynamic-ratio-node,fastest-app-response,fatest-node,least-connections-member,least-connections-node,least-sessions,observed-member,observed-node,predictive-member,predictive-node,ratio-least-connections-member,ratio-least-connections-node,ratio-member,ratio-node,ratio-session,round-robin,weighted-least-connections-member,weighted-least-connections-node ] (Load-balancing mode) Monitors: [ http,https,icmp,tcp-half-open,tcp ] (List of health monitors (each by name or AS3 pointer) Members Service port: 80 (Service L4 port (optional port-discovery may override)) Administration State: [enabled,disable,offline] (Setting adminState to enable will create the node in an operational state. Set to disable to disallow new connections but allow existing connections to drain. Set to offline to force immediate termination of all connections) Share Nodes: Enabled checked (If enabled, nodes are created in /Common instead of the tenant) Server addresses: Editable (Static IP addresses of servers (nodes) Slow ramp time: 300 (AS3 slowly the connection rate to a newly-active member slowly during this interval (seconds)) JSON Detail { "properties": { "class": {}, "members": { "type": "array", "items": { "type": "object", "properties": { "servicePort": { "type": "number", "default": 80 }, "adminState": { "type": "string", "default": "enable" }, "shareNodes": { "type": "boolean", "default": true, "const": true }, "serverAddresses": { "type": "array" } } } }, "monitors": { "type": "array", "default": [ "http" ] }, "loadBalancingMode": { "type": "string", "default": "least-connections-member", "const": "least-connections-member" }, "slowRampTime": { "type": "number", "default": 300, "const": 300 } }, "type": "object", "additionalproperties": false } Here are the options that are not selected
  2. Persist All default options (nothing customized for this template) JSON Detail { "properties": { "class": {}, "persistenceMethod": { "type": "string" } }, "type": "object", "additionalProperties": false }
  3. HTTP_Profile All default options (nothing customized for this template) JSON Detail { "properties": { "class": {} }, "type": "object", "additionalproperties": false }
  4. Analytics_Profile For this Application Template the following needs to be checked Collected Statistics Internal Logging (Specifies that statistics logs are stored in the system) Collect Max TPS and Throughput (Specifies that the system collects statistics for the maximum number of transactions per second, and the maximum amount of traffic moving through the system, both request and response throughput values) Collect Page Load Time (Specifies that the system collects statistics of the round-trip latency between client end-users and the servers) Collect Client-Side Statistics (Specifies that the system collects statistics regarding the HTTP request and response times) Collect URL (Specifies that the system collects statistics of requested URLs) Collect Countries (Specifies that the system collects statistics of the name of the countries from which that traffic was sent) Collect Client IP Addresses (Specifies that the system collects statistics of the IP addresses of where the traffic came from) Collect Client Subnet (Specifies that the system collects statistics of client subnets) Collect Response Code (Specifies that the system collects statistics about the distribution of HTTP response codes returned by the servers) Collect User Agent (Specifies that the system collects statistics about browsers used to send traffic) Collect Method (Specifies that the system collects statistics about the distribution of HTTP methods found in requests) Collect Operating System and Browser (Specifies that the system collect statistics about the OSs and Browsers used to send requests) Which produces the following JSON Detail { "properties": { "class": {}, "collectUserAgent": { "type": "boolean", "default": true, "const": true }, "collectClientSideStatistics": { "type": "boolean", "default": true, "const": true }, "collectGeo": { "type": "boolean", "default": true, "const": true }, "collectUrl": { "type": "boolean", "default": true, "const": true }, "collectOsAndBrowser": { "type": "boolean", "default": true, "const": true }, "collectMethod": { "type": "boolean", "default": true, "const": true }, "collectResponseCode": { "type": "boolean", "default": true, "const": true }, "collectSubnet": { "type": "boolean", "default": true, "const": true }, "collectIp": { "type": "boolean", "default": true, "const": true }, "collectPageLoadTime": { "type": "boolean", "default": true, "const": true }, "collectMaxTpsAndThroughput": { "type": "boolean", "default": true, "const": true } }, "type": "object", "additionalproperties": false } The following are not selected Capture Filter Request Captured Parts [ all,body,headers,none ] (Specifies which parts of the request data the system captures) Response Captured Parts [ all,body,headers,none ] (Specifies which parts of the response data the system captures) DoS Activity [ any,mitigated-by-dosl7 ] (Specifies whether the system captures traffic data mitigated by the D0S Layer 7 Enforcer, or traffic regardless of DoS activity) Captured Protocols [ all, ] Qualified for JavaScript Injection Enabled (not checked by default) Virtual Servers Node Addresses Response Status Codes HTTP Methods URL Filter Type URL Path Prefixes User Agent Substrings Client IP Addresses Request Content Filter Search Request Content Filter Search String Response Content Filter Search Part Response Content Filter Search String Collected Statistics External Logging Captured Traffic Internal Logging Captured Traffic External Logging externalLogging Use (AS3 pointer to log publisher declaration) Bigip (pathname of existing BIG-IP log publisher) Notification by syslog Notification by SNMP Notification by Email E-mail Notification Recipients Publish iRule Statistics Collect User Sessions URLs for Statistics Collection Countries for Statistics Collection Subnets for Statistics Collection Session Cookie Security [ ssl-only,always-secure,never-secure ] (Specify whether to secure session cookies) Session Timeout in Minutes 5 (The number of minutes of user non-activity to allow before the system considers the session to be over)
  5. Add Classes to your AS3 Application Template Go through and select the following for this template Analytics_Profile HTTP_Profile Persist Pool Service_HTTP TCP_Profile NEXT its time to customize each class which creates the JSON Detail
  6. Here is the template used in BIG-IQ name: http-app-v1 tenant: check Editable Description: Custom HTTP template PROPERTIES { "type": "object", "properties": { "class": { "type": "string", "const": "Application" }, "template": {}, "schemaOverlay": {}, "label": {}, "remark": {} }, "additionalProperties": { "allOf": [ { "anyOf": [ { "properties": { "class": { "const": "Analytics_Profile" } } }, { "properties": { "class": { "const": "HTTP_Profile" } } }, { "properties": { "class": { "const": "Pool" } } }, { "properties": { "class": { "const": "Service_HTTP" } } }, { "properties": { "class": { "const": "Persist" } } }, { "properties": { "class": { "const": "TCP_Profile" } } } ] }, { "if": { "properties": { "class": { "const": "Analytics_Profile" } } }, "then": { "$ref": "#/definitions/Analytics_Profile" } }, { "if": { "properties": { "class": { "const": "HTTP_Profile" } } }, "then": { "$ref": "#/definitions/HTTP_Profile" } }, { "if": { "properties": { "class": { "const": "Pool" } } }, "then": { "$ref": "#/definitions/Pool" } }, { "if": { "properties": { "class": { "const": "Service_HTTP" } } }, "then": { "$ref": "#/definitions/Service_HTTP" } }, { "if": { "properties": { "class": { "const": "Persist" } } }, "then": { "$ref": "#/definitions/Persist" } }, { "if": { "properties": { "class": { "const": "TCP_Profile" } } }, "then": { "$ref": "#/definitions/TCP_Profile" } } ] }, "required": [ "class" ], "definitions": { "Analytics_Profile": { "properties": { "class": {}, "collectUserAgent": { "type": "boolean", "default": true, "const": true }, "collectClientSideStatistics": { "type": "boolean", "default": true, "const": true }, "collectGeo": { "type": "boolean", "default": true, "const": true }, "collectUrl": { "type": "boolean", "default": true, "const": true }, "collectOsAndBrowser": { "type": "boolean", "default": true, "const": true }, "collectMethod": { "type": "boolean", "default": true, "const": true }, "collectResponseCode": { "type": "boolean", "default": true, "const": true }, "collectSubnet": { "type": "boolean", "default": true, "const": true }, "collectIp": { "type": "boolean", "default": true, "const": true }, "collectPageLoadTime": { "type": "boolean", "default": true, "const": true }, "collectMaxTpsAndThroughput": { "type": "boolean", "default": true, "const": true } }, "type": "object", "additionalproperties": false }, "HTTP_Profile": { "properties": { "class": {} }, "type": "object", "additionalproperties": false }, "Pool": { "properties": { "class": {}, "members": { "type": "array", "items": { "type": "object", "properties": { "servicePort": { "type": "number", "default": 80 }, "adminState": { "type": "string", "default": "enable" }, "shareNodes": { "type": "boolean", "default": true, "const": true }, "serverAddresses": { "type": "array" } } } }, "monitors": { "type": "array", "default": [ "http" ] }, "loadBalancingMode": { "type": "string", "default": "least-connections-member", "const": "least-connections-member" }, "slowRampTime": { "type": "number", "default": 300, "const": 300 } }, "type": "object", "additionalproperties": false }, "Service_HTTP": { "properties": { "class": {}, "virtualPort": { "type": "number", "default": 80 }, "profileAnalytics": { "type": "object", "properties": { "use": { "type": "string", "default": "Analytics_Profile" } } }, "profileHTTP": { "type": "object", "properties": { "use": { "type": "string", "default": "HTTP_Profile" } } }, "virtualAddresses": { "type": "array" }, "pool": { "type": "string", "default": "Pool" }, "enable": { "type": "boolean", "default": true }, "snat": { "type": "object", "properties": { "bigip": { "type": "string" } } }, "iRules": { "type": "array" }, "metadata": { "type": "object", "properties": { "value": { "type": "string" } } }, "profileTCP": { "type": "object", "properties": { "use": { "type": "string" } } }, "persistenceMethods": { "type": "array", "default": [ "cookie" ] }, "clonePools": { "type": "object", "properties": { "ingress": { "type": "object", "properties": { "bigip": { "type": "string" } } }, "egress": { "type": "object", "properties": { "bigip": { "type": "string" } } } } } }, "type": "object", "additionalproperties": false }, "Persist": { "properties": { "class": {}, "persistenceMethod": { "type": "string" } }, "type": "object", "additionalProperties": false }, "TCP_Profile": { "properties": { "class": {} }, "type": "object", "additionalProperties": false } } }
  7. Just run this command to see what your uptime is on your F5 BIG-IP # tmsh run /util bash -c uptime 15:12:56 up 302 days, 15:10, 1 user, load average: 2.92, 3.23, 3.16
  8. Upgrade Instructions on how I upgraded our BIG-IQ from 6.1.0 to 7.0.0 First download the .iso from support.f5.com Log into BIG-IQ GUI and click on System - Software Management Click on Images and then the button Upload Image then browse to that .iso you just downloaded and click open. Then you have to click Upload and you'll see a status bar similar to the one I show below Now that the image uploaded now its time to install the image. So now click on System - Software Management - Installations Click the Upgrade button Now you need to select whether you want to do a Rolling Upgrade or Regular Upgrade. (Rolling Upgrade is great if you don't want any interruption and Regular Upgrade is for anyone that is okay with your BIG-IQ being down for awhile and if you have less than 3 DCDs) NOTE: the system will upgrade all DCD's first so you still have full use of BIG-IQ until it upgrades the BIG-IQ system appliance When they are at 100% you'll loose connection and it take a long long time before you get anything to pop backup on the GUI which below is one of the several screens that are displayed when its booting back up
  9. I have played aroune with Sublime Text, Atom, Eclipse IDE and I have been recently told to try Visual Studio Code. I have been trying not to since it has the name Microsoft in the name but I'll be honest, its pretty nice. I learned that this is very much like Atom or Sublime. Atom slows down with large projects where VS Code doesn't slow down at all. Some extensions I installed to help me out include: Rest Client – quick and easy testing of REST API (not as feature rich as POSTMAN, but good for quick testing) Python Prettier – For making JSON look indented (having issues installing based on a corrupt zip file) YAML – for ansible ANSIBLE Indented block highlighting – for highlighting the JSON block you are in (useful for F5 AS3) Project Manager – for easily switching between multiple projects There are so many videos to help you get going with VS Code.
  10. Waiting for the new version has been very painful as they keep pushing it back due to issues with BIG-IP 14.x Some major difference with 7.x from the current 6.1.0 support for clone pools support for one-connect Creation of applications using AS3 application templates (this is monsterous since now you will be able to create applications in the GUI that would mimic if you created the application via an API call to AS3 which allows user to control pool members).. its a requirement. We are trying to migrate from current Legacy LTMs to NEW LTMs which involves us 1. Export Certificate & Key from Legacy LTM 2. Import Cert & Key on BIG-IQ 3. Create SSL Client Profile using imported Cert & Key and cipher settings and options. Now when you deploy that application using AS3, you'll reference the SSL-Client profile.
  11. This example we are adding cache to our internal GTMs that are the first DNS servers configured on most servers so if we could get rid of alot of the noise coming to the Infoblox servers it would be nice. DNS cache settings are set with optimum values considering the cpu & memory resources available. None of these settings settings are propagated to other GTMs in sync group. DNS cache is something very local to the box ( configuration and maintenance ). Here are the instructions we run on each of our four internal GTMs Implementation:- 1.Create DNS cache as per below. DNS -> Caches -> click create Name:- non-wideip-resolver-cache Keep all default values. click Finished. Note:- Modifying cache size by default clears the cache of the respective field changed. 2.Apply cache created to the DNS profile which will eventually apply to the DNS listeners DNS ›› Delivery : Profiles : DNS ›› Properties : internal_dns DNS cache -> Enabled. DNA cache name:- non-wideip-resolver-cache Click Update Backout:- 1.Remove cache from the DNS profile which will eventually apply to the DNS listeners DNS ›› Delivery : Profiles : DNS ›› Properties : internal_dns DNS cache -> Disabled. Click Update 2.Delete DNS cache as per below. DNS -> Caches -> select cache name as per below. Name:- non-wideip-resolver-cache click Delete. Test plan:- 1.Please perform 100 digs and make sure it is server from the cache based of splunk logs. dig @ www.int.mywiseguys.com 2.Observe cache hits count increasing. tmsh show ltm dns cache resolver 3. Run the following command on each iGTM that will show Clientside queries and responses tmsh show ltm dns View resouce record cache size (its pretty large so you may want to round to first 1000 records) tmsh show ltm dns cache records rrset cache non-wideip-transparent-cache View resource record cache size count tmsh show ltm dns cache records rrset cache non-wideip-transparent-cache count-only Clear/Delete cache synatx: tmsh delete <cache-type> type <record-type> cache <cache-name> example to delete the a records from the resource record cache of the resolver cache named non-wideip-transparent-cache: tmsh delete rrset type a cache non-wideip-transparent-cache
  12. 1) Move the txsat1slbco12 guest to another slot You need to Provision the vCMP Guest, change slot (in this case I moved it to 4) and watched the status state Guest Migration, then click Deploy.
  13. Looks to me like the bug is confirmed. Here is where the issue appears to lie: As you can see, txsat1slbco12 and txsat1slbco36 are reporting the same rebroad_mac address (far column on right). We have 4 options here: 1) Move the txsat1slbco12 guest to another slot 2) apply the workaround specified in bugtracker - --Disable clusterd from sending packets over tmm_bp by turning off the db variable clusterd.communicateovertmmbp: modify sys db clusterd.communicateovertmmbp value false. 3) Escalate and request and EHF to address this issue. 4) upgrade to v14 line as that appears unaffected. Any option will likely require a change record to cover yourself. Upgrading to v14 or EHF would be the most impactful as the other 2 can be run without a reboot.
  14. A quick breakout of the operating system for your reference
  15. If you want to send curl multiple times you can use (below its 20 times) for i in 'seq 1 20';do curl
  16. Application Services 3 Extension (referred to as AS3 Extension or more often simply AS3) is a flexible, low-overhead mechanism for managing application-specific configurations on a BIG-IP system. AS3 uses a declarative model, meaning you provide a JSON declaration rather than a set of imperative commands. The declaration represents the configuration which AS3 is responsible for creating on a BIG-IP system. AS3 is well-defined according to the rules of JSON Schema, and declarations validate according to JSON Schema. AS3 accepts declaration updates via REST (push), reference (pull), or CLI (flat file editing). AS3 overview: Install & Use AS3: Requirements for using AS3 with BIG-IQ To use AS3 with BIG-IQ, you must perform the following. For specific instructions on these tasks, see the BIG-IQ online help or documentation (BIG-IQ) or the BIG-IP documentation. Install BIG-IQ v6.1.0 or later. Manage one or more BIG-IP devices in BIG-IQ. LTM and any other relevant services should be discovered/imported. Specify the target BIG-IP in your AS3 declarations on BIG-IQ. BIG-IQ can manage multiple BIG-IP devices, so declarations must specify the applicable BIG-IP. In order to make use of BIG-IQ’s analytics capabilities, you must also: Connect at least one (data collection device) to BIG-IQ. Use BIG-IP version or newer. Provision Analytics (PDF) (Analytics) on BIG-IP. Enable stats for the BIG-IP within BIG-IQ. Configure an analytics profile for your service in the declaration. Additionally, we recommend that: You use AS3’s asynchronous mode (by POSTing with the query parameter ?async=true). AS3 waits for applications to be configured in BIG-IQ, which can result in timeouts when using AS3’s synchronous mode. See Method POST for more information. IMPORTANT: AS3 3.7.0 introduces new behavior for asynchronous mode. Even if you have asynchronous mode set to false, after 45 seconds AS3 sets asynchronous mode to true (API swap), and returns an async response. This allows you to use GET to poll for status (you should see a 202 status until the declaration is complete). This typically occurs for most declarations to BIG-IQ (and only very large declarations to BIG-IP); if the declaration completes in less than 45 seconds, AS3 does not modify asynchronous mode. You only use AS3 running on BIG-IQ. BIG-IQ does not support cases where AS3 runs externally (in a container for example). To make use of the RBAC capabilities on BIG-IQ: Use BIG-IQ’s auth token for authentication (see the BIG-IQ auth documentation for specific instructions). For application creation, add users to a custom Application Creator role, with access to any relevant AS3 templates. For each application created, a manager and viewer role are created automatically. Important Currently, the DELETE method is not supported when using BIG-IQ and AS3 with the target field. Additionally, the PATCH method when using BIG-IQ and AS3 with the target field is only supported using BIG-IQ 7.0 or later and AS3 3.10.0 and later; previous versions are not supported. Install AS3 If you are familiar with the BIG-IP system, and generally familiar with REST and using APIs, this section contains the minimum amount of information to get you up and running with AS3. Download the latest RPM package from F5 AS3 site on GitHub in the dist directory. Upload and install the RPM package on the using the BIG-IP GUI: Main tab > iApps > Package Management LX > Import Select the downloaded file and click Upload For complete instructions see Installing AS3 using the BIG-IP Configuration utility or Installing AS3 using cURL from the Linux shell. Be sure to see the known issues on GitHub (https://github.com/F5Networks/f5-appsvcs-extension/issues) and Warnings, Notes, & Tips pages to review any known issues and other important information before you attempt to use AS3. Provide authorization (basic auth) to the BIG-IP system: If using a RESTful API client like Postman, in the Authorization tab, type the user name and password for a BIG-IP user account with Administrator permissions. If using cURL, see Installing AS3 using cURL from the Linux shell. Copy one of the Example declarations which best matches the configuration you want to use. Alternatively, you can use the simple “Hello World” example below, which is a good start if you don’t have an example in mind. Paste the declaration into your API client, and modify names and IP addresses as applicable. See Appendix A: Schema Reference for additional options you can declare. POST to the URI https://<BIG-IP>/mgmt/shared/appsvcs/declare Quick Start Example 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 { "class": "AS3", "action": "deploy", "persist": true, "declaration": { "class": "ADC", "schemaVersion": "3.0.0", "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d", "label": "Sample 1", "remark": "Simple HTTP Service with Round-Robin Load Balancing", "Sample_01": { "class": "Tenant", "A1": { "class": "Application", "template": "http", "serviceMain": { "class": "Service_HTTP", "virtualAddresses": [ "" ], "pool": "web_pool" }, "web_pool": { "class": "Pool", "monitors": [ "http" ], "members": [ { "servicePort": 80, "serverAddresses": [ "", "" ] } ] } } } } } I loaded Postman up on a Centos 7 virtual to test with inside our corporate intranet and no luck testing using the same method as described in the video above. I get the following error whenever I try and post. Some great links Validate Declarations BIG-IQ Monitoring and Managing AS3 Template example Using declarations with AS3 Templates Still need more manuals on BIG-IQ
  17. Version 1.0.0

    1 download

    being blocked by corporate for chrome so this is a work around
  18. Show me all nodes on LTM using CLI tmsh list /ltm node /partition1/* or tmsh list ltm node all or even better... tmsh list /ltm node /Partition1/* | grep -B 1 -A 4 10.40.91 Show me what pools a node is in using the CLI tmsh list ltm pool /Partition/* one-line | grep '' Show me what virtual server a pool belongs to using CLI tmsh list ltm virtual /Production/* | grep -B 5 'pool.tidalwave.zahsystems.com'
  19. Wireshark Experience? What are your IT strengths and weaknesses? What challenges do you think you might expect in this job if you were hired? What elements are necessary for a successful team and why? Have you worked with the F5 API's? f5, update client profile, block ssl v3 in the client profile u make a change and testers say failure, how do u look at teh handshake to see who's droppign the connection. what protocols and cipher suites are being used on virtual server. Using GUI and.or CLI What is persistence and how do you troubleshoot it? How can you see the cookie? use the browser or cli Familar with the bits inside the cookie iRule experience? grouping of logs, how do you find an appliacation specific log (gui / cli) limitation with gui vs cli GTM Experience troubleshoot GTM connectivity (port communicate) Wide-IP LTM (what kind of load balancing do you use for your pools) advantages/disadvantages of methods Round Robin, http specific profiles inside, acceleration profiles, one connect One Connect? SNAT? SNAT Security Network Address Translation Maps the source client IP address in a request to a translation address defined on the BIG-IP device. SSL Certificates Who generates Health Monitors What can have you created / used? tcp - three way handshake tcpdumps, any experience do you know how to check logs on F5? Where are they stored? GUI - CLI - /var/local/ltm VIP is down, how would you troubleshoot it. load balancer... 1. pool members (verify they are enabled (all green)) 2. curl to server what is your vip IP where would you find the ip of a domain each box has different subnets how do you find which box it belongs to traceroute to ip of vip infoblox experience? dns experience? a-records cname Flexible Schedule? (oncall rotation) File extension for backups:- *.ucs iRules scripts created using TCL with custom F5 extensions that enable users to create unique functions triggered by TMOS events. What does SNAT do? Secure Network Address Translation maps the source client IP in a request to a translation address defined on the BIG-IP device. how to monitor the number of concurrent connections going through the SNAT? tmsh show /ltm snat What is the primary reason for tracking and storing session data? To ensure that client requests are directed to the same pool member throughout the life of a session, or during subsequent sessions. Cookie persistence Cookie persistence uses an HTTP cookie stored on a client computer to allow the client to reconnect to the same server previously visited at a web site. HTTP Header Methods? GET POST PUT DELETE HEAD
  20. Not everyone can afford to buy Microsoft Office and then others don't like anything with Microsoft in the name so they would like to know alternatives. Heck we are using a Mac (not Microsoft Windows). Truthfully, its difficult to beat the functionality of Microsoft Excel and Microsoft Powerpoint and Microsoft Word (proabably in that order) Some sites to check out for alternatives include: Apple Numbers, Keynote and Pages its awesome and cheap NeoOffice(cost=free) Papyrus Office Mariner Software Thinkfree Word Alternatives: AbiWord (cost=free)
  21. Deploying F5 Changes to LTM via CLI example ssh userid@ipaddress first go into tmsh mode by simply typing tmsh move to the correct partition (in this case the box is a development box we will need to move to the development partition) cd /Development Below is an example of a script that is used to first create some nodes create ltm node zah1lvdwb452.zahsystems.com address create ltm node zah1lvdwb453.zahsystems.com address create ltm node zah1lvdap471.zahsystems.com address create ltm node zah1lvdap472.zahsystems.com address Below is an example of creating pools and assigning those newly created nodes to the pools create ltm pool pool.alfa-dev6.int.zahsys.com.8502 load-balancing-mode least-connections-member members add { zah1lvdwb452.zahsystems.com:8502 zah1lvdwb453.zahsystems.com:8502 } monitor https.standard.f5chk.success.Advantage create ltm pool pool.alfaws-dev6.int.zahsys.com.8473 load-balancing-mode least-connections-member members add { zah1lvdap471.zahsystems.com:8473 zah1lvdap472.zahsystems.com:8473 } monitor https.standard.f5chk.success.Advantage Below is an example of creating virtual servers and assigning the pools with some options create ltm virtual vs.si.alfa-dev6.int.zahsys.com.http destination profiles add { http tcp-lan-optimized } rules { irule.snat.for.my.network irule.any.any.http.to.https.301.redirect } create ltm virtual vs.si.alfa-dev6.int.zahsys.com.https destination pool pool.alfa-dev6.int.zahsys.com.8502 profiles add { http.cookie.encrypt tcp-lan-optimized ssl.wildcard.int.zahsys.com.disable.weak.ciphers.v1.0 serverssl-insecure-compatible oneconnect } persist replace-all-with { cookie.ZAhFSServices } rules { irule.snat.for.my.network } create ltm virtual vs.si.alfaws-dev6.int.zahsys.com.http destination profiles add { http tcp-lan-optimized } rules { irule.snat.for.my.network irule.any.any.http.to.https.301.redirect } create ltm virtual vs.si.alfaws-dev6.int.zahsys.com.https destination pool pool.alfaws-dev6.int.zahsys.com.8473 profiles add { http.cookie.encrypt tcp-lan-optimized ssl.wildcard.int.zahsys.com.disable.weak.ciphers.v1.0 serverssl-insecure-compatible oneconnect } persist replace-all-with { cookie.ZAhFSServices } rules { irule.snat.for.my.network } After you confirm each command goes in without errors you need to make sure the configuration is in sync with your standby device by first going to the common partition cd /Common Then running the following command which will copy the configuration run cm config-sync to-group device-group-failover-20100330
  • Create New...