(SOL14042) Description
BIG-IP Virtual Edition (VE)may incorrectly report the interface media duplex setting as half duplex, from the Interface Properties page in the Configuration utility.
Impact
You are unable to confirm the current duplex setting of an interface from the Configuration utility.
Symptoms
As a result of this issue, you may encounter the following symptom:
The General Properties may show an Active Duplex setting of half duplex when you navigate to Network > Interfaces and click the int
↧
Known Issue: BIG-IP VE may incorrectly report the interface media duplex setting as half duplex
↧
Known Issue: Failing AD/LDAP server connections may cause the apd process to stop processing requests when service is restored
(SOL16501) Description
Failing Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) server connections may cause the apd process to stop processing requests when service is restored.
This issue occurs when all of the following conditions are met:
Your BIG-IP APM system is configured with either an AD or LDAP type AAA server.
The AAA server is configured to use a pool of servers.
The backend authentication server becomes temporarily unavailable when communicating with the BIG-IP APM syst
↧
↧
Error Message: Error Message: Network Access Connection Device not found
(SOL15453) This article applies to the BIG-IP APM system. For information about the FirePass controller, refer to the following article:
SOL8146: Error Message: Network Access Connection Device was not found
Error Message
Network Access Connection Device not found.
Message Location
You may encounter this message in the following location:
The BIG-IP Edge Client for Windows
Description
This message occurs when all of the following conditions are met:
A Microsoft Windows client system attempts to esta
↧
Informational: BIG-IP support for IPv4 multicast traffic
(SOL9310) Multicast traffic overview
L2 multicast addressing
L3 multicast addressing
L2 multicast (multicast bridging)
BIG-IP LTM as a multicast bridge
Accepting frames with L2 multicast source address
Multicast traffic and VLAN groups
L3 multicast (multicast forwarding & routing)
BIG-IP LTM as a multicast router
BIG-IP LTM as a multicast node
Multicast traffic overview
Multicast traffic allows a packet to be sent to a subset of hosts, a
↧
Known Issue: The RADIUS::avp iRule command must use the attr_type option
(SOL15533) Description
The RADIUS::avp iRule command will not work if you do not include the attr_type option in the iRule.
Impact
The BIG-IP system will fail to authenticate clients using RADIUS authentication.
Symptoms
As a result of this issue, you may encounter the following symptom:
Radius authentication through the BIG-IP systems fails, and the system logs a message similar to the following example to the /var/log/ltm file:err tmm1[13161]: 01220001:3: TCL error: /Common/radius_rule <CLIENT_ACCE
↧
↧
How-To: Performing a wipe of the Enterprise Manager MySQL databases
(SOL14226)
Purpose
You should consider using this procedure under the following conditions:
The Enterprise Manager system is unable to use the current database due to database corruption.
You are downgrading the Enterprise Manager system from a newer version.
You want to purge a database of current information, including statistical information, and all data for discovered devices.
Prerequisites
You must meet the following prerequisites to use this procedure:
Have root access to the Enterprise Manager
↧
Known Issue: The 'Cipher server preference' option in the Client SSL profile has no effect
(SOL12390) The Cipher server preference option inthe Client SSL profile has no effect. The BIG-IP system always behaves as if the option is active, even when the option is disabled.
F5 Product Development is tracking this issue as ID 250095, ID 319503, and ID 227237 (formerly CR66797).
Additional information
Client SSL profiles include the Cipher server preference option. This option, which is disabled by default, is intended to control whether the system uses the client's cipher preference or the server'
↧
Overview: Overview of BIG-IP SYN cookie protection (11.3.x - 11.6.x)
(SOL14779) This article applies to BIG-IP 11.3.x and later versions. For information about other versions, refer to the following article:
SOL7847: Overview of BIG-IP SYN cookie protection (9.x - 11.2.x)
Summary
The SYN cookie feature prevents the BIG-IP SYN queue from becoming full during a SYN flood attack. Certain BIG-IP platforms can perform hardware/software SYN cookie protection, while other platforms perform software-only SYN cookie protection.
Description
The BIG-IP SYN cookie feature protects
↧
Overview: Overview of BIG-IP device certificates (11.x)
(SOL15664) This article applies to BIG-IP 11.x. For information about other versions, refer to the following article:
SOL8187: Overview of BIG-IP device certificates (9.x - 10.x)
Summary
The BIG-IP system uses SSL certificates and keys for purposes, such as administrative tasks, inter-device communication, and offloading SSL traffic. This article provides information about SSL certificates and keys used for administrative tasks and inter-device communication.
The SSL certificates and keys used for BIG-IP
↧
↧
Known Issue: An iRule with a suspending command may cause TMM to produce a core file
(SOL15167) Description
An iRule with a suspending command may cause TMM to produce a core file.
This issue occurs when all of the following conditions are met:
The configuration contains an iRule event with a suspending command. For example, the after command is a suspending command.
The affected iRule contains CLIENT_CLOSED or SERVER_CLOSED events.
The BIG-IP system with an iRule-suspended TCP connection receives a TCP RST packet from the remote peer.
Impact
The BIG-IP system may temporarily fail to p
↧
Release Note: BIG-IP ASM 11.4.1
This release note documents the version 11.4.1 release of BIG-IP Application Security Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later), or 11.x.
↧
Release Note: BIG-IP ASM 11.5.0
This release note documents the version 11.5.0 release of BIG-IP Application Security Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later), or 11.x.
↧
Release Note: BIG-IP ASM 11.5.1
This release note documents the version 11.5.1 release of BIG-IP Application Security Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later), or 11.x.
↧
↧
Release Note: BIG-IP ASM 11.6.0
This release note documents the version 11.6 release of BIG-IP Application Security Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later), or 11.x.
↧
Release Note: BIG-IP ASM 11.5.2
This release note documents the version 11.5.2 release of BIG-IP Application Security Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later), or 11.x.
↧
Known Issue: The SNAT source port setting is missing from the BIG-IP Configuration utility
(SOL13434)
Description
The source port setting is missing from the SNAT properties page in the Configuration utility.
The source port setting allows you to specify whether the BIG-IP system preserves, changes, or attempts to preserve the source port of the connection. You can change the source port settings for virtual servers and secure network address translation (SNAT) objects by using theTraffic Management Shell (tmsh).
Impact
You must use the tmsh utility to change the SNAT source port setting.
Sym
↧
How-To: Configuring source port preservation for SNATs
(SOL13433)
Purpose
You should consider using this procedure under the following condition:
You have applications that require asecure network address translation (SNAT) object to preserve or change the source port.
Prerequisites
You must meet the following prerequisite to use this procedure:
You have access to the Traffic Management Shell (tmsh).
Description
In BIG-IP 10.0.0 and later, you can specify whether a SNAT object preserves the client's source port by changing the source port setting for th
↧
↧
Change in Behavior: BIG-IP hardware acceleration support for 4096-bit SSL keys
(SOL16503) Old Behavior
In versions prior to 10.2.0, BIG-IP platforms do not support hardware acceleration for 4096-bit SSL keys.
New Behavior
Beginning in BIG-IP 10.2.0, all BIG-IP platforms support hardware acceleration for 4096-bit SSL keys, with the exception of the platforms noted below.
The following BIG-IP platforms contain NITROX I family SSL cards, which do not support hardware acceleration for 4096-bit SSL keys:
BIG-IP 1500
BIG-IP 3400
BIG-IP 6400 / 6800
BIG-IP 8400 / 8800
Impact
The BIG-IP p
↧
Known Issue: Disabling and re-enabling the primary blade on an Active failover status VIPRION may cause a failover event if an HA group is configured
(SOL16514) Description
Disabling and re-enabling the primary blade on an Active failover status VIPRION may cause a failover event if a high-availability (HA) group is configured.
This issue occurs when all of the following conditions are met:
You have a BIG-IP VIPRION with multiple blades installed.
You have configured the BIG-IP system as a peer in a device group.
You have configured the BIG-IP system to use the HA group feature.
The HA group score is weighted equally among all peer members in a device
↧
Known Issue: vCMP guest names longer than 32 characters cause invalid statistics information
(SOL15869) Description
Virtual Clustered Multiprocessing (vCMP) guest names longer than 32 characters cause invalid statistics information.
vCMP guests can be created with names longer than 32 characters; however, the guest will fail to display throughput statistics, number of assigned cores, and associated interfaces.
Impact
This cosmetic issue impacts diagnostics.
Symptoms
As a result of this issue, you may encounter the following symptoms:
When the vCMP guest is initially created, you cannot view the
↧