(SOL00409413) TopicThe BIG-IP system does not advertise advanced routing protocols when the system is disabled or offline.DescriptionTo prevent route poisoning and adverse behavior, when forced offline or disabled, BIG-IP devices do not advertise advanced routing protocols, such as Border Gateway Protocol (BGP), Routing Information Protocol (RIP), Intermediate System-Intermediate System (IS-IS) or Open Shortest Path First (OSPF). The BIG-IP ARM system and routing will function when you release your device f
↧
Informational: The BIG-IP system does not advertise advanced routing protocols when the system is disabled or offline
↧
Informational: BIG-IP system administrative accounts
(SOL52286304) TopicThe BIG-IP system has three predefined administrative accounts named root, admin, and f5hubblelcdadmin. These administrative accounts have been granted additional privileges to allow the management of BIG-IP resources not available to the standard user accounts.DescriptionThe names and common uses for each of the BIG-IP system administrative accounts are described in the following sections.adminYou can use the administrator account to perform significant configuration operations using the C
↧
↧
How-To: Viewing and extracting the contents of an encrypted UCS archive file
(SOL8465) TopicTo view or extract the contents of an encrypted user configuration set (UCS) archive file, you must first decrypt the encrypted UCS archive file into a new decrypted archive file by performing the following procedure:Decrypting an encrypted UCS archive file into a decrypted archive fileAfter performing the Decrypt an encrypted UCS archive file into a decrypted archive file procedure, you can view or extract the contents of the encrypted UCS archive file by performing one of the following pr
↧
Error Message: Error Message: Node verification failed
(SOL11402) IssueDuring the first successful authentication against an RSA ACE server, a node secret is automatically created and shared between BIG-IP APM and the Agent Host on the RSA server. In the event that the IP address of the RSA server is changed, you may receive the following error message when attempting to authenticate against the server with the new IP address:Node verification failedTo resolve this error message, you must clear the node secret on the RSA server. To do so, perform the following
↧
How-To: Rebooting or shutting down all blades in a VIPRION system
(SOL11333) Topic
You should consider using this procedure under the following conditions:
You want to shut down all of the blades in a VIPRION system.
You want to reboot all of the blades in a VIPRION system.
DescriptionIn a VIPRION system, the reboot, halt, full_box_reboot, and shutdown commands only affect the blade on which the command is executed. To execute a shut down or reboot on all available (green) blades in a VIPRION system, you can use the clsh command in conjunction with the shutdown comm
↧
↧
How-To: Configuring IPv6 link-local self IP addresses (10.x - 12.x)
(SOL15203) TopicThis article applies to BIG-IP 10.x through 12.x. For information about other versions, refer to the following article:SOL9067: Configuring IPv6 link-local self IP addresses (9.x)You should consider using this procedure under the following condition:You want to configure IPv6 link-local self IP addresses on the BIG-IP system. For example, the BIG-IP system is configured to use an advanced routing protocol (IS-IS) and is required to advertise IPv6 prefixes.DescriptionThe BIG-IP system automa
↧
How-To: Allowing asymmetrically routed connections across multiple VLANs (11.x - 12.x)
(SOL13558) TopicThis article applies to BIG-IP 11.x through 12.x. For information about other versions, refer to the following article:SOL10346: Allowing asymmetrically routed connections across multiple VLANs (9.x - 10.x)You should consider using this procedure under the following condition:The BIG-IP system needs to accept asymmetrically routed connections.DescriptionYou can configure the BIG-IP system to accept asymmetrically routed connections across multiple Virtual Local Area Networks (VLANs) on a pe
↧
Known Issue: Dynamic ECMP routes are not added to the linux host
(SOL03587067) Known IssueDynamic Equal Cost Multipath (ECMP) routes are not be added to the linux host.This issue occurs when all of the following conditions are met:The BIG-IP system is licensed with Advance Routing.Your BIG-IP system is configured to use dynamic routing.Dynamic ECMP routes are discovered from a neighboring device.ImpactTraffic originating from the linux host may be sent out the wrong interface, sent via an incorrect route, or fail to be sent.SymptomsAs a result of this issue, you may encoun
↧
How-To: Configuring a virtual server to accept an alternate or dynamic data channel port for active FTP
(SOL6557) TopicBy default, the data channel port for active FTP is port 20. It is possible to configure a BIG-IP FTP virtual server to accept FTP data channel traffic on an alternate or dynamic port for active FTP.Note: An alternate data port for active FTP can only be used for inbound data to the BIG-IP LTM. The BIG-IP LTM uses this port for data traffic between the client and virtual server; it does not affect the data port between the BIG-IP LTM and the server. If the FTP server is using a data channel
↧
↧
Known Issue: The BGP may advertise the wrong nexthop floating self IP address
(SOL55285671) Known IssueThe Border Gateway Protocol (BGP) may advertise the wrong nexthop floating self IP address.This issue occurs when all of the following conditions are met:You have multiple BIG-IP systems in a high availability (HA) configuration.Your HA configuration involves multiple active traffic groups. This is also known as an active-active configuration.Your BIG-IP systems have BGP dynamic routing enabled.ImpactTraffic for advertised routes may fail if sent to a standby device.SymptomsAs a resul
↧
How-To: Setting the serial console baud rate on a VIPRION system (11.x - 12.x)
(SOL13325) TopicThis article applies to VIPRION platforms running BIG-IP 11.x through 12.x. For information about other versions, refer to the following article:SOL10621: Setting the serial console baud rate on a VIPRION system (9.6.x - 10.x)You should consider using this procedure under the following condition:You want to change the serial console baud rate on a VIPRION platform.DescriptionThe default serial console baud rate on VIPRION platforms is 19200. F5 recommends that you set the baud rate on the c
↧
How-To: Configuring a remote HSL pool on a vCMP host
(SOL15672) Topic
You should consider using this procedure under the following condition:
You want to configure a pool of remote high-speed logging (HSL) servers on a BIG-IP Virtual Clustered Multiprocessing (vCMP) host.
Note: When you provision the vCMP feature on the vCMP host, you cannot provision any other BIG-IP modules, such as the LTM module.
DescriptionWhen you configure remote HSL for BIG-IP system processes, it is a common practice to configure a pool of HSL servers to which the BIG-IP syste
↧
How-To: Configuring AOM-based BIG-IP platforms to boot from a network boot server
(SOL9599) TopicYou can configure the BIG-IP system to perform a boot from the network boot server using the command line, the Configuration utility, or by enabling the PXE boot option directly in the BIOS depending on the platform.Note: The Always-On Management (AOM) subsystem does not include an option to enable network boot, however the PXE boot option in the BIOS provides this function if there are no available BIG-IP system boot locations on the device.To perform a boot from a network boot server, per
↧
↧
How-To: Modifying the BIG-IP system's ephemeral port exhaustion warning
(SOL63275550) TopicYou should consider using this procedure under the following condition:You want to modify the BIG-IP system's ephemeral port exhaustion threshold warning.DescriptionWhen the BIG-IP system processes large numbers of new connections, the pool of available service ports can in rare instances become exhausted. This condition may cause a disruption of service during peak production periods. Beginning in 12.0.0, to help administrators identify and avoid this condition early, the BIG-IP system wil
↧
Known Issue: Citrix StoreFront applications may fail to open when accessed using Internet Explorer
(SOL93502575) Known IssueWhen you access StoreFront applications using the Internet Explorer browser, they may fail to open.This issue occurs when all of the following conditions are met:You configure the BIG-IP APM webtop in StoreFront replacement mode.You publish Citrix applications or desktops to your webtop.You have access to the BIG-IP APM webtop using an Internet Explorer version prior to 11.You attempt to launch a Citrix application or desktop.ImpactAccess to the Citrix application or desktop silently
↧
How-To: Configuring the BIG-IP VE system to log a notification when the throughput rate exceeds a configured threshold
(SOL15377) TopicYou should consider using this procedure under the following condition:You want the BIG-IP Virtual Edition (VE) system to log a notification when the throughput rate exceeds a certain threshold.DescriptionStarting in BIG-IP 10.2.4 and 11.2.0, you can configure BIG-IP VE systems to log a notification to the /var/log/ltm file when the system throughput rate exceeds a pre-configured threshold of the maximum allowed throughput rate licensed. This threshold is configurable via the log.alertbwthr
↧
How-To: Determining the End-User Diagnostics version
(SOL8002) TopicThe End-User Diagnostics (EUD) software is a set of diagnostic tests that provides reports about various components in the hardware unit. F5 updates the EUD software regularly, and recommends that you install the latest version prior to running the EUD.To determine the EUD version on the BIG-IP system, type the following command:eud_infoSupplemental InformationSOL7172: Overview of the End User Diagnostics softwareSOL8950: The eud_info command may cause system instabilitySOL10961: The eud_in
↧
↧
How-To: Creating a new SSL device certificate and key pair
(SOL9114) TopicAn F5 system uses the Secure Sockets Layer (SSL) device certificate to identify itself to a requesting F5 client system. For example, the device certificate is used for device-to-device communication processes, such as configuration synchronization (ConfigSync) and big3d communication.The SSL device certificate is located in the /config/httpd/conf/ssl.crt/server.crt file on the BIG-IP system. The SSL device key is located in the /config/httpd/conf/ssl.key/server.key file on the BIG-IP syste
↧
How-To: Configuring the default IP fragment size on a BIG-IP system
(SOL17102) TopicYou should consider using this procedure under the following conditions:You want to change the default IP fragment size on a BIG-IP system.You expect your BIG-IP system to process a high volume of smaller size IP fragments below the default IP fragment size value.DescriptionBeginning in BIG-IP 11.4.0, as part of the firewall integration, F5 introduced the tm.minipfragsize BigDB variable. You can use this database variable to modify the default IP fragment size, which affects packets that ha
↧
How-To: Monitoring login attempts (11.x - 12.x)
(SOL13426) TopicThis article applies to BIG-IP 11.x and 12.x. For information about other versions, refer to the following article:SOL10261: Monitoring login attempts (9.x - 10.x)Monitoring login attempts is an important part of network security. Successful and failed login attempts are recorded in the BIG-IP system audit log.DescriptionYou can view BIG-IP system login attempts in the Configuration utility and from the command line.Configuration utilityTo view login attempts from the Configuration utility,
↧