(SOL6068) Purpose
You should consider using the following procedures under the following condition:
You want to create a single or multi-linesecure shell (SSH) banner that appears before or after a user logs in.
Prerequisites
You must meet the following prerequisites to use these procedures:
You have administrator access to the Traffic Management Shell (tmsh)
You have administrator access to the Configuration utility
Description
The SSH banner or welcome message displays before or after a user attem
↧
How-To: Adding banner or welcome messages for administrative logins
↧
Informational: BIG IP APM and GTM client redirection support
(SOL16474) Summary
This article discusses BIG IP APM and GTM client redirection support.
Description
You can combine BIG-IP GTM and BIG-IP APM to provide high availability and secure remote access to corporate resources from anywhere in the world. Using the BIG-IP APM and BIG-IP GTM solution, the BIG-IP GTM intelligently directs access request traffic to the closest configured and available BIG-IP APM deployment. The BIG-IP APM system redirects the client from a global fully-qualified domain name (FQDN) (v
↧
↧
Known Issue: The TMM process on a standby BIG-IP system may repeatedly restart and produce a core file after upgrading
(SOL16504) Description
The Traffic Management Microkernel (TMM) process on a standby BIG-IP system may repeatedly restart and produce a core file after upgrading.
This issue occurs when the following condition is met:
You have configured the BIG-IP systems in the device group to perform mirroring.
A rare race condition in a mirrored connection flow following an upgrade may cause TMM on a standby BIG-IP system to continuously restart and produce a core file.
Impact
The affected standby unit in the devic
↧
Known Issue: VMware View desktop initiation may trigger an 'HTTP 500 - Internal Server Error' response
(SOL16502) Description
VMware View desktop initiation may trigger an "HTTP 500 - Internal Server Error" response.
This issue occurs when all of the following conditions are met:
Your iOS device is running the VMware View client 2.3.1.
You establish an access session.
You access the VMware View desktop resource.
You close the VMware View desktop.
You attempt to relaunch the VMware View desktop.
Impact
Access to the VMware View desktop fails.
Symptoms
As a result of this issue, you may encounter
↧
Known Issue: iRules beginning with a number symbol may fail to load
(SOL15125) Description
iRules beginning with a number symbol ( # ), also referred to as a comment, may fail to load.
This issue occurs when the following conditions are met:
The iRule has an associated checksum
The BIG-IP configuration is loaded using the tmsh command
When iRules are saved into the bigip.conf file, the first line is automatically indented with four white space characters. Usually the system removes the white space characters when the configuration is loaded. However, when an iRule begi
↧
↧
How-To: Using the 'cpcfg' command to copy a configuration from one boot location to another
(SOL14724) Purpose
You should consider using this procedure under the following condition:
You want to copy a configuration from one boot location to another.
Prerequisites
You must meet the following prerequisites to use this procedure:
You must have command line access to the BIG-IP system.
The BIG-IP system must have multiple boot locations (volumes).
Description
The cpcfg command allows you to copy a configuration from a specified source boot location to a specified target boot location. The cpcfg
↧
Known Issue: Users cannot update a SNAT pool that contains a resolved hostname as a member
(SOL15650) Descript
Attempting to update an existing SNAT pool that contains a resolved hostname will result in an error.
This issue occurs when all of the following conditions are met:
The Display Host Names When Possible option is enabled.
You attempt to update an existing SNAT pool.
Impact
None
Symptoms
As a result of this issue, you may encounter the following symptoms:
You observe an error message in the BIG-IP Configuration utility and in the /var/log/ltm file that appears similar to the follow
↧
Security Advisory: Multiple Linux Kernel security vulnerabilities CVE-2010-3848, CVE-2010-3849, and CVE-2010-3850
(SOL16489)
↧
Security Advisory: NTP vulnerability CVE-2015-1799
(SOL16506)
↧
↧
Known Issue: The BIG-IP Edge Client may display an invalid warning message
(SOL16508) Description
The BIG-IP Edge Client may display an invalid warning message.
This issue occurs when all of the following conditions are met:
Your BIG-IP APM system is configured with a Network Access profile.
The access profile is configured with a Maximum Session Timeout set at 0 (zero disabled).
You have establish a Network Access session using the BIG-IP Edge Client.
Impact
The BIG-IP Edge Client displays an invalid session timeout warning.
Symptoms
As a result of this issue, you may encoun
↧
Change in Behavior: The device certificate is generated using the SHA-2 hash algorithm (11.5.0 and later)
(SOL16507) This article applies to BIG-IP 11.5.0 and later. For information about other versions, refer to the following article:
SOL12647: The device certificate is generated using the SHA-1 hash algorithm (10.1.x - 11.4.x)
Old Behavior
In versions prior to BIG-IP 11.5.0, and BIG-IQ 4.4.0, the device certificate was generated using the SHA-1 hash algorithm..
New Behavior
Beginning in BIG-IP 11.5.0 and BIG-IQ 4.4.0, the device certificate is generated using the SHA-2 hash algorithm.
The SHA-2 hash fami
↧
Overview: Overview of the datasync-global-dg device group
(SOL16509) Summary
The datasync-global-dg device group is essential for BIG-IP ASM systems to function properly in the same trust domain.
Description
Beginning in BIG-IP 11.6.0, the datasync-global-dg device group is automatically created on systems in any of the following scenarios:
You provision the BIG-IP ASM on a new BIG-IP 11.6.0 installation.
You upgraded BIG-IP ASM systems from previous versions to BIG-IP ASM 11.6.0.
You added a BIG-IP 11.6.0 system to a trust domain that has another device with th
↧
Known Issue: BIG-IP CGNAT may fail to hairpin subscriber traffic
(SOL16466) Description
F5 BIG-IP Carrier-Grade NAT (CGNAT) may fail to hairpin subscriber traffic.
This issue occurs when all of the following conditions are met:
You have a BIG-IP CGNAT virtual server configured with a FastL4 profile.
You have a Large Scale NAT (LSN) pool configured with Hairpin Mode set to Enabled.
The BIG-IP CGNAT virtual server processes a connection between two subscribers.
Impact
Traffic between subscribers, using the affected BIG-IP CGNAT virtual server, fails.
Symptoms
As a resu
↧
↧
Informational: Changing the AWS instance type of an hourly billing BIG-IP VE instance within an AWS environment
(SOL16488) Summary
BIG-IP Virtual Edition (VE) instances that use the hourly billing licensing model, within the Amazon Web Services (AWS) environment, do not allow users to change AWS instance types.
Description
Deploying a BIG-IP VE instance by using the hourly billing licensing model within the AWS environment, and then subsequently shutting down this instance and changing its AWS instance type, causes the mcpd process to restart repeatedly after the BIG-IP VE instance restarts.
For example, a user m
↧
Known Issue: A fail-safe event may not clear the next-active state on a BIG-IP device
(SOL16492) Description
A fail-safe event may not clear the next-active state on a BIG-IP device.
This issue occurs when all of the following conditions are met:
You configure high availability (HA) with two or more devices in a device trust.
You configure any of the following HA fail-safe modes on one or more devices in the device group:
System
Gateway
VLANs
An HA fail-safe event is triggered on a standby device with a designated next-active state for a traffic group.
Impact
The standby BIG-IP sy
↧
Overview: Overview of moving BIG-IP Virtual Edition to a new VMware host
(SOL13570) Summary
When you move a BIG-IP Virtual Edition (VE) virtual machine to a new VMware ESX/ESXi host, you may encounter license errors, depending on how you perform the move.
Description
You can move the BIG-IP VE virtual machine to a new VMware ESX/ESXi host by migrating or cloning BIG-IP VE to the new host.
Migrating BIG-IP VE to a new host:
When you migrate a licensed BIG-IP VE virtual machine to a new VMware ESX/ESXi host, the virtual hardware configuration is preserved and the BIG-IP VE
↧
Informational: BIG-IP APM support for SAML 2.0
(SOL16497) Summary
BIG-IP APM 11.3.0 introduced support for basic features described in the Security Assertion Markup Language (SAML) 2.0 OASIS standard. Support for additional SAML 2.0 features has since been added to the BIG-IP APM system to provide a comprehensive solution for Identity Provider (IdP) and Service Provider (SP) deployments.
Description
The BIG-IP APM system supports many of the SAML 2.0 Profiles, Bindings, and Protocols for IdP and SP deployments. The following section outlines the assoc
↧
↧
Known Issue: The wamd process may produce a core file and restart
(SOL16511) Description
The wamd process may produce a core file and restart.
This issue occurs when all of the following conditions are met:
The BIG-IP system is provisioned with one of the following modules:
AAM
WAM
The mcpd process is restarted.
Impact
The BIG-IP AAM or WAM system temporarily stops passing traffic.
Symptoms
As a result of this issue, you may encounter the following symptoms:
You notice wamd core files in the /shared/core directory.
The BIG-IP system intermittently stops passing t
↧
Known Issue: The traffic group setting for SNAT translation objects may fail to synchronize
(SOL16073) Description
The Inherit traffic group from current partition / path traffic group setting may fail to synchronize for secure network address translation (SNAT) translation objects.
This issue occurs when the following condition is met:
Your BIG-IP systems are configured in a Sync-Failover device group.
Impact
A SNAT translation object does not have the expected traffic group setting.
Symptoms
As a result of this issue, you may encounter the following symptom:
The Inherit traffic group from cu
↧
How-To: Passing IPsec ESP traffic through an IP forwarding virtual server
(SOL14169) Purpose
You should consider using this procedure under the following condition:
You want to establish an IPsec ESP tunnel connection through the BIG-IP system, using an IP forwarding or FastL4 virtual server.
Prerequisites
You must meet the following prerequisites to use this procedure:
You have configured an appropriate IP forwarding or FastL4 virtual server to forward the desired IPsec traffic.
Your BIG-IP system is not configured to be an IPsecSecurity Association (SA) terminal endpoint.
↧