(SOL13620) Description
The BIG-IP GTM and BIG-IP Link Controller systems may lose wide IP pool members from the wide IP pool configuration. This issue occurs when the following condition is met:
You have performed a user configuration set (UCS) archive installation on the affected system while the gtmd process is performing the virtual server auto-discovery task.
This issue occurs because the gtmd process is attempting to auto-discover the virtual servers from the BIG-IP devices (the BIG-IP LTM configura
↧
Known Issue: BIG-IP GTM and BIG-IP Link Controller may lose wide IP pool members after a UCS archive installation
↧
How-To: Configuring the BIG-IP system to support jumbo Ethernet frames
(SOL13339)
Purpose
You should consider using this procedure under the following condition:
You require the BIG-IP system to process jumbo Ethernet frames.
Prerequisites
You must meet the following prerequisites to use this procedure:
Your hardware and software combination must support Jumbo Frames. For supported combinations, refer to SOL6399: Support for jumbo Ethernet frames.
To avoid any disruption of traffic, you must ensure that the neighboring network devices support the Ethernet frame size tha
↧
↧
How-To: Configuring a BIG-IP virtual server with message-based load balancing profile
(SOL13575)
Purpose
You should consider using this procedure under the following condition:
You want to enable message-based load balancing (mblb) mode instead of connection-based load balancing mode for the following protocols:
Session Initiation Protocol (SIP)
Radius
Diameter
Prerequisites
You must meet the following prerequisites to use this procedure:
You have command line access.
You have an existing SIP/Radius/Diameter virtual server configured on the BIG-IP system.
Description
The BIG-IP
↧
How-To: Disabling BIG-IP ASM-related SNMP traps
(SOL9896) The BIG-IP ASM systemmay send SNMP traps to report request violations and requests that the system blocked. However, this level of reporting may not be desired or useful. In some cases, the SNMP network manager may not be able to handlethe volume ofsuch SNMP traps sent by the BIG-IP ASM system. In other cases, the administrator may wantto monitor the same information using a syslog server or a remote logging profile. You can prevent the BIG-IP ASM system from sending SNMP traps for BIG-IP ASM re
↧
Informational: The BIG-IP system resets the Diameter connection when the Diameter message from a peer has an empty value in the Origin-Realm field
(SOL12867) When a virtual server using the Diameter profile receives a Capabilities-Exchange-Request (CER) message with an empty Origin-Realm field from a Diameter peer, the virtual server attempts to use the empty Origin-Realm field when sending a Device-Watchdog-Answer (DWA) message to a Diameter peer. As a result, the BIG-IP system stops the DWA message, resets the Diameter connection, and logs an error message that appears similar to the following example in the /var/log/ltm file:
014c0001:3: diameter
↧
↧
Informational: Support for the IBM AppScan vulnerability assessment tool
(SOL14089)
Summary
The BIG-IP ASM system supports the use of the xml output file from the IBM AppScan Standard edition vulnerability assessment tool for building asecurity policy.
Description
In BIG-IP ASM 11.1.0, the ASM system introduces support for building a security policy using the xml output file from the IBM AppScan Standard edition. However, if you attempt to build a security policy using the xml output file from the IBM AppScan Enterprise edition, the BIG-IP ASM system fails to import the outpu
↧
Security Advisory: pl_tree.php XSS vulnerability CVE-2014-9342
(SOL15939)
↧
Policy: Advance End of Sale notice for the F5 WebSafe SDK
(SOL15937) F5 is announcing the End of Sale (EoS) of the F5 WebSafe Software Developer Kit (SDK), effective January 1, 2015. WebSafe SDK functionality has been integrated into the BIG-IP LTM system with the release of version 11.6.0. Functionally is also available as an iRule and is supported in BIG-IP LTM 10.2.4 and later. WebSafe customers are encouraged to transition to BIG-IP 11.6.0 for the functionality they rely upon in WebSafe. F5 is providing advance product notification to existing customers and p
↧
Known Issue: An iRule referring to a pool by full path name is unable to obtain pool status
(SOL15940) Description
If an iRule refers to a pool by the full path, the virtual server will not obtain the pool status.
This issue occurs when all of the following conditions are met:
A virtual server uses an iRule that refers to a pool by the full path.For example:
if { [HTTP::uri] contains "http1"} {
pool /Common/pool_http
The virtual server has no associated Default Pool.
Impact
The BIG-IP system continues to send traffic to the pool, regardless of pool status.
The BIG-IP system does
↧
↧
Known Issue: Statistics Data Collection fails when the Time Zone on Enterprise Manager is not set to America/Los Angeles
(SOL12845)
Description
The Enterprise Manager fails to collect statistics from the devices in its inventory when all of the following conditions are met:
The Time Zone of theEnterprise Manager is configured to any other time zone than America/Los Angeles.
The Statistics Data Collection feature is enabled on the Enterprise Manager.
The Enterprise Manager is configured to discover a new device.
Impact
The Enterprise Manager fails to provide performance statisticsfor the devices in its inventory.
Symptom
↧
How-To: Allowing asymmetrically routed connections across multiple VLANs (11.x)
(SOL13558) This article applies to BIG-IP 11.x. For information about other versions, refer to the following article:
SOL10346: Allowing asymmetrically routed connections across multiple VLANs (9.x - 10.x)
Purpose
You should consider using this procedure under the following condition:
The BIG-IP system needs to accept asymmetrically routed connections.
Prerequisites
You must meet the following prerequisite to use this procedure:
The BIG-IP configuration must already contain existing VLANs and virtual
↧
Overview: Overview of the HTTP Compression profile
(SOL15434) This article applies to BIG-IP LTM 11.x. For information about other versions, refer to the following article:
SOL3393: Overview of compression settings for the HTTP profile
Summary
When you configure an HTTP Compression profile and assign it to a virtual server, the BIG-IP system reads the Accept-Encoding header of a client request and determines what content encoding method the client prefers. The BIG-IP system then removes the Accept-Encoding header from the request and passes the request t
↧
Overview: The SNAT Automap and self IP address selection
(SOL7336) The SNAT Automap featureselects a translation address from the available self IP address in the following order of preference:
Floatingself IP addresses on the egress VLAN
Floating self IP addresses on differentVLANs
Non-floating self IP addresses on the egress VLAN
Non-floating self IP addresses ondifferentVLANs
The selection of a floating self IP as translation address on a VLAN other than the egress VLAN is intended to avoid disruption in an HA failover scenario. However, depending on the n
↧
↧
Known Issue: TCP Segmentation Offload can cause TMM to restart and leave a core file
(SOL15941) Description
TCP Segmentation Offload (TSO) can cause the Traffic Management Microkernel (TMM) to restart and leave a core file in some circumstances.
Impact
TMM may produce a core file and temporarily fail to process traffic.
Symptoms
As a result of this issue, you may encounter one or more of the following symptoms:
The BIG-IP system may fail to process traffic for a brief period.
The BIG-IP system may fail over to another host in the device group.
TMM generates a core file in /var/core.
Sta
↧
Security Advisory: Multiple PHP 5.x vulnerabilities
(SOL15761)
↧
Policy: End of Technical Support announcement of Outlook Web Access for FirePass and BIG-IP APM
(SOL15929)
↧
Policy: End of Technical Support announcement of FirePass and BIG-IP APM for Windows Phone 7
(SOL15925)
↧
↧
Informational: The 'ramcache.maxmemorypercent' variable controls memory allocation for the BIG-IP Cache Setting feature (11.x)
(SOL13878) This article applies toBIG-IP 11.x. For information about other versions, refer to the following article:
SOL12225: The 'ramcache.maxmemorypercent' variable controls memory allocation for the BIG-IP RAM Cache (10.x)
Summary
The BIG-IP system uses the ramcache.maxmemorypercent variable to limit the amount of memory thatthe Cache Setting feature is allowed to use.
Description
By default,the Cache Setting feature cannot allocate more than the maximum allowable cache size per TMM. The ramcache.max
↧
How-To: Enabling and disabling CGNAT using tmsh or the Configuration utility
(SOL15919) Purpose
You should consider using this procedure under the following condition:
You want to enable or disable the CGNAT module.
Prerequisites
You must meet the following prerequisite to use this procedure:
You have a valid license for the CGNAT module.
You have administrator access to the Traffic Management Shell (tmsh) utility or the BIG-IP Configuration utility.
Description
The carrier-grade network address translation (CGNAT) module on the BIG-IP system supports large groups of translatio
↧
Informational: BIG-IP cumulative hotfix version 11.4.1
(SOL14835) F5 has recently discovered and corrected a number of issues that affect customers running BIG-IP 11.4.1. F5 recommends that all customers currently running BIG-IP 11.4.1 install the latest cumulative rollup hotfix.
The following table lists the rollup hotfixes released for BIG-IP 11.4.1. The table lists each hotfix, along with the ID numbers of issues that the corresponding hotfix resolves, and a description of each issue. If an article exists for the issue, the ID number contains a link to a co
↧