(SOL15462) TopicThis article applies to the Traffic Management Shell (tmsh) for BIG-IP 11.x - 12.x. For information about using the Configuration utility for BIG-IP 11.x, refer to the following article:SOL14620: Managing SSL certificates for BIG-IP systems using the Configuration utilityYou should consider using this procedure under the following condition:You want to use the tmsh utility to manage new or existing Secure Socket Layer (SSL) keys and certificates for BIG-IP SSL profiles.DescriptionBIG-IP sof
↧
How-To: Managing SSL certificates for BIG-IP systems using the tmsh utility
↧
How-To: Configuring serial console logging to a file for a vCMP guest
(SOL68404255) TopicYou should consider using this procedure under the following condition:You need to perform logging on the serial console to a file for a vCMP guestDescriptionA vCMP guest does not have a physical serial port from which to access its console. When you perform troubleshooting on a vCMP guest on the console access level, you can use the vconsole utility on the vCMP host on which the vCMP guest resides. You can then capture the vCMP guest serial console using the vconsole utility by way of the
↧
↧
Security Advisory: OpenSSL vulnerability CVE-2016-2109
(SOL23230229)
↧
Security Advisory: OpenSSL vulnerability CVE-2016-2106
(SOL36488941)
↧
Security Advisory: OpenSSL vulnerabilities CVE-2016-7053 and CVE-2016-7054
(SOL32460441)
↧
↧
Security Advisory: OpenSSL vulnerability CVE-2016-2107
(SOL93600123)
↧
Known Issue: Duplicate security policy names differing in case only may cause a traffic disruption
(SOL89180851) Known IssueDuplicate security policy names differing in case only may cause a traffic disruption.This issue occurs when one of the following conditions is met:You configure two BIG-IP ASM security policies with the same name except for letter case.You configure two HTTP classes with the same name, except for letter case, and then upgrade to one of the affected versions.ImpactThe BIG-IP ASM system fails to process traffic for one of the two virtual servers configured with security policies or HTT
↧
Known Issue: The BIG-IP ASM bd process may exit and restart when parsing XML traffic under low memory conditions
(SOL47219203) Known IssueThe BIG-IP ASM bd process may exit and restart when parsing XML traffic under low memory conditions.This issue occurs when all of the following conditions are met:The security policy is configured with an XML profile.Your BIG-IP ASM system is consuming much or all of the available system memory.Although rare, the bd process can exit when all available memory for the XML parser is exhausted.ImpactThe BIG-IP ASM system fails to process traffic temporarily while the bd process restarts.S
↧
How-To: Debugging SQL monitors using the DB_monitor utility
(SOL00170525) TopicYou should consider using this procedure under the following condition:You need to debug SQL monitor connections on the BIG-IP system.DescriptionStarting in BIG-IP 11.6.0, BIG-IP includes a SQL monitor diagnostic utility that checks the status of SQL monitor connections. For example, if you need to diagnose an unresponsive SQL monitor, you can use the utility to check the status of SQL monitor pings in progress and open cached monitor connections. The command supports the following syntax:/
↧
↧
Security Advisory: PHP and libgd vulnerabilities CVE-2016-5116, CVE-2016-6128, CVE-2016-6132, and CVE-2016-6214
(SOL38016814)
↧
How-To: Enabling signature verification for BIG-IP ISO image files
(SOL15225) TopicYou should consider using this procedure under the following condition:You would like to enable or disable the BIG-IP software ISO file signature checking feature.DescriptionBeginning in BIG-IP 11.5.0, every BIG-IP software ISO image released will be accompanied by an authenticity signature (.sig) file. The .sig file enables the BIG-IP system to verify the ISO file authenticity before the BIG-IP software installation. The .sig file is required to be located in the /shared/images directory.T
↧
How-To: Configuring the traffic group definition for folders or partitions and various objects
(SOL08114320) TopicYou should consider using this procedure under the following condition:You want to reconfigure the traffic group definition that was erroneously removed from folders or partitions and various objects after an upgrade.DescriptionWhen you upgrade your BIG-IP system to a certain version, the upgrade process erroneously removes the traffic group definition from various objects and folders or partitions. For more information about this issue, refer to SOL14104: The traffic group definition may b
↧
How-To: Adding TMM interfaces to the BIG-IP Virtual Edition running on VMware ESXi
(SOL12149) TopicWhen you deploy BIG-IP Virtual Edition (VE) using an image (.ova), by default, the virtual machine guest environment includes the following number of virtual network adapters:BIG-IP 11.0.0 or later: Four virtual network adapters: one for the management interface, two for Traffic Management Microkernel (TMM) interfaces, and one for high availability (HA) purposes. If your specific needs demand more TMM interfaces, you can add virtual network adapters to the virtual machine guest environment.
↧
↧
How-To: Using SSL session ID persistence
(SOL3062) TopicBIG-IP Secure Sockets Layer (SSL) persistence allows you to persist SSL connections to a node, based on the SSL session ID of the connection.AdvantagesSSL persistence is much more granular than simple persistence. Unlike simple persistence, SSL persistence does not rely on proxies and network address translations (NATs) and is not subject to the associated issues that can make simple persistence ineffective.SSL persistence ensures that repeat connections from the same client are sent to the
↧
Overview: Overview of the management port
(SOL7312) TopicThe BIG-IP system uses the following two network connection entry points:TMM switch interfacesManagement interface (MGMT)Either the Traffic Management Microkernel (TMM) switch interfaces or the MGMT interface can provide administrative access to the BIG-IP system. However, F5 recommends that you use the management port.The TMM switch ports are the interfaces that the BIG-IP system uses to send and receive load-balanced traffic.The system uses the MGMT interface to perform system management
↧
How-To: Using the Receive Disable String advanced configuration setting
(SOL12818) TopicThe Receive Disable String (RECV drain string) advanced configuration setting, enables you to disable a pool member or node based on the response the system received from the server. This setting applies to the following monitors:HTTPHTTPSTCPUDPNote: For more information regarding monitors and configuring monitors, refer to the configuration guide for your specific BIG-IP product.The system uses the Receive Disable String value in conjunction with a Receive String value to match the value o
↧
Security Advisory: PHP vulnerability CVE-2016-6289
(SOL52430518)
↧
↧
How-To: Verifying NTP peer server communications
(SOL10240) TopicPurposeYou should consider using these procedures under the following conditions:You want to verify the Network Time Protocol (NTP) daemon service.You want to verify the BIG-IP system NTP configuration.You want to verify the communication between the BIG-IP system and the NTP peer server.You want to verify the network connectivity to the NTP peer server.PrerequisitesYou must meet the following prerequisites to use these procedures:You have root user access to the BIG-IP system.You have shel
↧
How-To: Configuring and displaying the management IP address for the BIG-IP system
(SOL15040) TopicPurposeYou should consider using this procedure under the following condition:You want to display or configure the management IP address for the BIG-IP system.PrerequisitesYou must meet at least one of the following prerequisites to use these procedures:You have administrative privileges in the Configuration utility.You have command line access to the BIG-IP system.You have physical access to the LCD panel on the BIG-IP system.DescriptionDescriptionThe management port on a BIG-IP system pro
↧
Security Advisory: OpenSSL vulnerability CVE-2016-7053
(SOL96175214)
↧
