↧
Manual: BIG-IP DNS Services: Implementations
↧
Manual: BIG-IP DNS Services: Implementations
↧
↧
How-To: Configuring the BIG-IP system to use an SSL chain certificate (11.x - 12.x)
(SOL13302) TopicThis article applies to BIG-IP 11.x through 12.x. For information about other versions, refer to the following article:SOL6401: Configuring the BIG-IP to use an SSL chain certificate (9.x - 10.x)PurposeYou should consider using these procedures under the following condition:You need to configure a Secure Sockets Layer (SSL) profile to use an SSL chain certificate on the BIG-IP system.PrerequisitesYou must meet the following prerequisites to use these procedures:You must have the public root
↧
Manual: BIG-IP System: SSL Administration
↧
Known Issue: The tmsh utility may display duplicate pool members incorrectly
(SOL59012811) Known IssueThe Traffic Management Shell (tmsh) utility may display duplicate pool members incorrectly.This issue occurs when all of the following conditions are met:There are multiple members in the pool.The pool members have the same IP address.One of the pool members has been configured with a wildcard (any) port.You view the pool statistics using the following command syntax: tmsh show ltm pool <Pool_Name> detailImpactThis issue is cosmetic only.SymptomsAs a result of this issue, you ma
↧
↧
Informational: The BIG-IP APM RADIUS AAA configuration profiles support only the PAP encryption method
(SOL14997) TopicThe BIG-IP APM RADIUS AAA server configuration supports only the Password Authentication Protocol (PAP) encryption method.
If the remote RADIUS server is configured to use a different authentication protocol, authentication fails.
For more information about configuring RADIUS AAA servers for BIG-IP APM systems, refer to the RADIUS Authentication and RADIUS Accounting chapters of theBIG-IP Access Policy Manager: Authentication and Single Sign-On guide (11.5.0).
↧
How-To: Using an iRule to load balance HTTP requests to multiple pools
(SOL9800) TopicYou can use an iRule to load balance HTTP requests to different pools, depending on the attributes of the traffic. For example, you can load balance individual HTTP requests to different pools based on the URI path, content type, request parameters, user agent, or other request attributes. However, in order to support proper pool reselection mid-connection, such as supporting multiple HTTP requests arriving on the same Keep-Alive connection, the existing server-side connection must first be
↧
Informational: Support for WebDAV in a BIG-IP LTM HTTP profile (9.x through 10.x)
(SOL5924) TopicThis article applies to BIG-IP version 11.x. For information about other versions, refer to the following article:
SOL13285: Support for WebDAV in a BIG-IP LTM HTTP profile (11.x)
The BIG-IP HTTP profile supports HTTP and HTTP-like protocols. Web-based Distributed Authoring and Version (WebDAV) is a set of extensions to the HTTP/1.1 protocol specification that allows users to collaboratively edit and manage files on remote web servers.Since it coincides with the HTTP/1.1 standard defined
↧
Error Message: Error Message: Preauthentication failed, principal name: administrator@example.com. Invalid user credentials
(SOL11626) IssueWhen an administrator's credentials that are configured for an Active Directory AAA server are incorrect, you may receive the following error messages:AD module: query with '(sAMAccountNamejsmith)' failed in krb5_get_init_creds_password(): Preauthentication failed, principal name: administrator@example.com. Invalid user credentials. AD agent: Query: query with '(sAMAccountNamejsmith)' failedThis error message does not indicate an issue with the users credentials. The AAA server, as configur
↧
↧
Security Advisory: FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898
(SOL03202240)
↧
Informational: The Microsoft 64-bit operating system may affect BIG-IP APM Remote Desktop Protocol printer redirection functionality
(SOL14971) TopicSummaryBIG-IP APM Remote Desktop Protocol (RDP) remote printer redirection utilizes client-side ActiveX to initiate connections to the RDP remote printer using MSTSC (Microsoft Terminal Services Client). The Microsoft 64-bit operating system security configuration may affect BIG-IP APM remote desktop RDP printer redirection functionality.DescriptionThe Microsoft 64-bit operating system restricts ActiveX and Java functions by default. Restricting ActiveX functionality may impact the reliabil
↧
Informational: Recommendations for Windows clients when opening Network Access within PWS
(SOL15390) TopicSummaryRecommendations for clients that run Windows 8 and later versions, when opening Network Access within Protected Workspace (PWS).DescriptionThe Network Connectivity Status Indicator (NCSI), starting in Windows 8, is part of the broader Network Awareness feature. NCSI is designed to respond to network conditions, so when requested by Network Awareness, it examines the connectivity of a network in a variety of ways. For example, when the computer is brought into a captive portal site th
↧
Security Advisory: pcregrep in PCRE vulnerability CVE-2015-8393
(SOL05428062)
↧
↧
Manual: BIG-IP Global Traffic Manager: Load Balancing
↧
Manual: BIG-IP DNS: Load Balancing
↧
Known Issue: The BIG-IP ASM bd process may produce a core file when many virtual servers reference remote logging profiles
(SOL75561218) Known IssueThe bd process may produce a core file when the BIG-IP ASM configuration contains many virtual servers that reference remote logging profiles. For example, this issue can occur when a configuration contains more than 200 virtual servers that reference remote logging profiles.This issue occurs when one of the following conditions is met:BIG-IP ASM processes are restarted. For example, you run the bigstart restart asm command.The system is initializing after a reboot.ImpactThe BIG-IP A
↧
Known Issue: Clients may receive an HTTP 500 Internal Error response after successful completion of a BIG-IP APM access policy
(SOL14954742) Known IssueClients may receive an HTTP 500 Internal Error response after successful completion of a BIG-IP APM access policy.This issue occurs when all of the following conditions are met:Your BIG-IP APM system has the fix for ID 374067 installed.Clientless mode is enabled on the BIG-IP APM system.Your BIG-IP APM system runs on a chassis platform.ImpactClients cannot establish access sessions with the BIG-IP APM system.SymptomsAs a result of this issue, you may encounter one or more of the follo
↧
↧
Informational: Modifying the list of ciphers and MAC algorithms used by the SSH service on the BIG-IP system or BIG-IQ system
(SOL80425458) TopicYou should consider using this procedure under the following condition:You want to modify the encryption ciphers or the Message Authentication Code (MAC) algorithms used by the SSH service on the BIG-IP system or the BIG-IQ system.DescriptionYou can configure the SSH service (also known as sshd) to use a desired set of encryption ciphers and MAC algorithms to meet the security policy enforced in your environment. This article discusses how to modify the default sshd configuration.By defaul
↧
Informational: Overview of the BIG-IP APM network access profile and static host entries for Mac OS X
(SOL15116) TopicFor Mac OS X users who use the BIG-IP Edge Client or browser-based network access with BIG-IP APM (SSL VPN tunnels), the BIG-IP APM system may dynamically configure their system with static host DNS entries in the users local /etc/hosts file, based on the network access profile configuration. The BIG-IP APM system's network access static hosts feature dynamically adds static host entries (DNS hostname/IP address pairs) to the client device /etc/hosts file when establishing the network acces
↧
Known Issue: TMM may restart when multiple teardown attempts occur for a single connection
(SOL93258439) Known IssueThe Traffic Management Microkernel (TMM) may restart when multiple teardown attempts occur for a single connection.This issue occurs when all of the following conditions are met:Your configuration includes a virtual server with an associated TCP profile and iRule.The iRule logic delays connection processing until after the TCP profile has triggered a connection teardown.The iRule triggers another teardown for the same connection.The TCP profile has the following options enabled: BIG-I
↧