ACME DNS RFC-2136 Let's Encrypt certs
I've been pushing on certbot to handle CNAME entries when ordering certs, and finally given up.

https://github.com/certbot/certbot/issues/6787
https://github.com/certbot/certbot/pull/9970
https://github.com/certbot/certbot/pull/7244

This repo contains scripts that:
- create an ACME account with Let's Encrypt
- use TSIG credentials to talk to BIND (RFC-2136)
- create a TXT record in the correct zone by following CNAME and SOA entries if present
- download certs
- install certs on one or more F5s

The F5 credentials require Administrator rights, as Certificate Manager can't upload files.

https://github.com/timriker/certmgr

CNAME records are recommended to a zone with minimal or no replication and a low TTL, i.e.:

_acme-challenge.example.com CNAME example.com._tls.example.com
_acme-challenge.example.net CNAME example.net._tls.example.com

_tls.example.com would have one name server and a 30-second TTL or so. A TSIG key would be created that only needs update access to _tls.example.com.

Comments welcome. JRahm I'm looking at you. 😎

More info: https://letsencrypt.org/docs/challenge-types/

Run mkdir over iControl REST for disappearing /var/config/rest/downloads/tmp
Hello, I am currently writing the code for automating our SSL cert deployment, among other things. I upload files to the BIG-IP device to shared/file-transfer/uploads/. This only works when the directory /var/config/rest/downloads/tmp exists. I noticed this is periodically removed again. Is there a way I can run an mkdir over REST to fix this? Regards

Remote Logging of Log Files
I've configured F5 BIG-IP to send logs to a remote location. However, it sends several messages. I know it is possible to configure log levels from 'Options' (critical, emergency, etc.). What I want to learn is: is it possible to configure remote logging such that it sends only LTM logs (I mean only logs written to the /var/log/ltm file)?

BIG-IP system can't access internet with proxy
Hi, I'm trying to configure an LTM cluster to access the internet through a proxy. The goal is to re-activate the licence in automatic mode. I tried to configure the proxy parameters with this SOL:

"Optional: If the BIG-IP system connects to the Internet using a forward proxy server, set these system database variables. Type tmsh modify sys db proxy.host value hostname to specify the host name of the proxy server. Type tmsh modify sys db proxy.port value port_number to specify the port number of the proxy server."

But when I click on reactivate licence I get a timeout. If anyone has a solution. Thanks

Which attack signature sets contain others?
My application is running on Apache Tomcat and there is one signature set with that name. Of course, I enabled it. The question is, should I also enable the sets referring to e.g. Apache and Java Servlets? Or maybe the required signatures are already contained in the Apache Tomcat set?

Network interface naming convention
I know that the naming convention that applies to network interfaces is s.p, where s is the slot and p is the port, as in 1.1. When I check my VIPRION I see things like 1/1.1 and 2/1.1, so I'd say that the naming convention in this case would be b/s.p, where b is the blade, and it seems that the slot is always 1 for each blade. Knowing all this, I now check the network interfaces in my vCMP guests and I see things like 1/0.3, 1/0.4, 1/0.5 and 1/0.6 in one of the guests and 1/0.7, 1/0.8, 1/0.9 and 1/0.10 in the other. And I wonder, which is the naming convention for a vCMP system? It seems that ports 3,4,5,6 are assigned to the first guest and 7,8,9,10 to the second one. Are port numbers 1 and 2 then reserved ports in any way? Why are there 4 ports? (Does it have something to do with the number of cores assigned to the guest?) I'm trying to understand all this, and I'm not finding documentation about these subjects :(

FIPS Errors
Hi, I am seeing the following error being logged:

iControlPortal.cgi[14845]: Checking for FIPS card.. FIPS open failed

The device itself does not have FIPS installed:

root@(device01)(cfg-sync Standalone)(Active)(/Common)(tmos) fips-util
No supported FIPS device found

How do I stop these errors from being generated?