secure connection failed
I have VS with port 443 https , pool 80 , client ssl and everything is working fine. i have changed the pool to 443 so the new configration is : VS port 44, pool 443, client ssl , server ssl ( i have used the built in ssl " serverssl_insecure_compatible", i faced secure connection failed .. i have changed the server ssl profile with the same certificate of client, but again the same issue. i have server bypass f5, i tried to access the backend server with ssl (https) and it is working fine, so what might be the issue and how to troubleshoot it ?2Views0likes0CommentsFIPS Security Domains Not Properly Synchronized Error
I'm having a difficult time getting a High Availability (HA) FIPS pair back into a cluster. I've set the FIPS SO/DO passwords and am now trying to set the same passwords on the standby box. However, I'm encountering the following error when performing a FIPS card sync: "Security Domains not properly synchronized (1)." Could this error indicate that the FIPS SO/DO passwords are not the same? Is it possible that I'm using incorrect SO/DO details compared to those set on the active unit? Any guidance on what might be going wrong would be greatly appreciated. Are there specific logs that provide more details about this error?2Views0likes0CommentsDual Stack IPSec Tunnels on F5 BIG-IP
I'm looking to confirm whether it's possible to create a route-based IPSec tunnel on F5 BIG-IP that supports both IPv4 and IPv6 traffic within a single tunnel. Specifically, the scenario involves establishing a single IPSec tunnel between a third-party device and F5 that terminates via IPv6 but needs to handle both IPv6 and IPv4 routes. If anyone can confirm that F5 supports this type of IPSec tunnel configuration, I can provide more details about what's currently working and what's not. Thanks in advance for any insights!3Views0likes0CommentsCAPTCHA Issue on Login Page
I've set up a brute force protection mechanism on our login page where a CAPTCHA is displayed after three incorrect password attempts. However, if the user fails to fill in the CAPTCHA correctly or leaves it blank, the system does not present the CAPTCHA again and instead allows the user to proceed to the application. Thanks for your insights.1View0likes0CommentsBIG-IP Monitors (unknown)/ Cookie
Dears, I have the pools attached to a VS by Irule. the VS and pools monitor status are unknown, the request is handle successfully. My question: why the monitor status of VS and all pools are unknown? is mandatory for making the monitor active and green, attach the pool in the default field of pool member in VS? Second question: If I show the pool name inside the cookie, how can I hide it?18Views0likes2CommentsHA Sync issue on Active-Active Cluster
One of the peer shows the error "Does not have the last synced configuration, and has changes pending" We tried syncing manually and the same error persists. As verified, NTP is in sync and there is no separate VLAN for HA. Jun 18 09:23:18 Peer A notice mcpd[7966]: 010718ed:5: DATASYNC: requested force sync by user: xxxxxxxx Jun 18 09:23:18 Peer A notice mcpd[7966]: 01b00004:5: There is an unfinished full sync already being sent for device group /Common/DG on connection 0xeba71348, delaying new sync until current one finishes. Jun 18 09:24:19 Peer B notice mcpd[9977]: 010718ed:5: DATASYNC: requested force sync by user: xxxxxxx Jun 18 09:24:20 Peer B notice mcpd[9977]: 01b00004:5: There is an unfinished full sync already being sent for device group /Common/DG on connection 0xeb6ee088, delaying new sync until current one finishes. err mcpd[9977]: 0107102b:3: Master Key decrypt failure - decrypt failure - final(not sure if this is related) Please suggest.43Views0likes3CommentsINFORM: Entrust CA will be untrusted in Chrome after Oct 31, 2024
If you manage certs from Entrust in your environment, this will impact your Google Chrome users, so intermediate certs will likely need to be bundled to handle this in your clientssl profiles OR if you control all the clients you can assure that explicit trust in the clients is enabled for Entrust CAs. Google details on the situation28Views0likes0CommentsUnknown Bots customization.
Dear Expert, I have been working in the Bot protection in the AWAF for a while in a customer environment, i am having an issue related to a customized Bot created for their Mobile APP, it has been classified as unknown Bot and this is normal coz it is custom created by the developers. I am searching for a workaround to only turn off the mitigation for this custom Bot and block any other unknown bots, this is not possible as i have found, please can you help if there is any workarounds out there. Regards, Muhannad28Views0likes1Comment