Cannot login to Avaya wanx using f5 apm network access
Hi we are facing some issues related to APM network access, we cannot login to our avaya wanx ip phone communicator using network access, but we can ping the call server we are using, but still no luck on login. Is there something we need to adjust on APM network access setup?
(How) can I get two client certificates in one APM session?
I have a customer with iPads that need to authenticate to APM with a user certificate. This has been working fine, but there is also now need to read a field from a per-device certificate on each iPad and make use of this within the access policy. The two certificates are issued by different authorities. Maybe I am wrong, but it seems impossible to change the client SSL profile by renegotiating SSL during the session, so as to let me check the user cert and then the device cert. Does anyone know of a way? TMOS V16.1
Need help in automating BigIQ session summary reports
I have been asked to work out a way of automating the CSV report from BigIQ Monitoring Access Dashboard. Under Access > Sessions > Session Summary I have been filtering Network_Access as the AP result and then manually exporting the CSV there. Our security who does not have a Splunk server is asking for this every 24 hours. Therefore I am looking to see if there is a way I can have a scheduled job run for this. Only things I am finding are configuration automation or automation dealing with ASM. Any help would be greatly appreciated.
F5 Access Guard Deprecated: ZTA APM
Since F5 Access Guard is deprecated and not supported on Win 11, newer browsers, and some versions of MacOS, what is the replacement for posture checking when implementing a ZeroTrust architecture using APM as an identify aware proxy? One major point of ZT is to do continuous posture checking of a client and the requests they are making--each and every one utilizing a per-request policiy. Without this component, it seems like APM is not a great candidate for use. What are others doing when using APM within their ZT network? Are they using 3rd part solutions with an HTTP connector to evaluate to client/request for each and every request?
F5 APM Syslog-NG parser
Hello everybody, I use the VPN big-ip Edge client F5 and I would like to generate a log with all theses session variables "session.ldap.last.attr.userPrincipalName + session.check_machinecert.last.cert.subject + session.assigned.clientip". My problem is that the "session.assigned.clientip" isn't populate in the session variable so I can't use a log message to make a custom log with all of theses values. So my question is , is it possible to parse theses logs with syslog-ng and concatenate all the syslog trame with the session ID ? and forward the log concatenated to an another syslog instance ? Don't know if my question is very undertandable ? Regards, MiguelF5 APM DHCP instead of leasepool
Hello, I'm looking to configure the APM to use an upstream DHCP server instead of the locally defined leasepool. I have seen in other posts a link to an article for just this, but the link is no longer around and I cannot find the iapps template associated. iApp, documentation, and example APM Policy to get IP addresses from DHCP for APM VPN clients Can someone point me to the correct link, or can someone tell me the proper way to do this? When i remove the leasepool from the APM policy it says no leasepool assigned and the connections fail. Thank you.APM with EntraID as idP / request signed
Hi experts. I need your help to solve an issue. I'm configuring a new enviroment with BIG-IP version 15.1.8.2 Build 0.0.17 Point Release 2. I have the APM works fine with SSO using EntraID (AzureAD) as idP. Now, I need to enable the request signed (Enforce signed SAML authentication requests - Microsoft Entra ID | Microsoft Learn). I generated the self signed certificate and import it on my app at Azure and my BIG-IP. I changed my config in Access > Federation > SAML Identity Provider and assigned my self signed certificate (pk included) to assign the request. But, I've received the below error by EntraID: Sign-in error code: 76021 Failure reason: The request sent by client is not signed while the application requires signed requests All attemps was made by browser (SSL VPN). Thank you.
[APM] The F5 API returned the error BadRequest(400)
Hello Team , We use a tool for whitelisting the URL and IP's and push the configuration to F5 everyday . We have below error on the tool . Can we check anything on the F5 . I did not find any error message on the audit logs . Error : F5 synchronization batch reported an error while managing F5 : SendRequest: The F5 API returned the error BadRequest(400) received from the API: request failed with null exceptionapm session variable from part of uri...
Hey all, I have a problem I need to solve. We have an application that uses a mobile app, the app does authentication with apm(local sp/external idp) through one browser and then accesses the the backend server in another session.. and the apm is not aware of that second one so it gerenrates a new login which fails and the app cannot login. The app passes a identification value the the urls which the app uses.. I want to do the same. Does anyone know or have any tips on how i can catch part of the uri (sort of like this https://test.com/sessionid=1234-5678-9101) that contains the sessionid and apply it to a session variable? /Kim
