F5 BIG-IP CORS – What is it, and how to enable

Cross Origin Resource Sharing (CORS) is a mechanism that allows your system to access resources from a different domain than the domain the original request was made to. By default, you can’t support F5 BIG-IP CORS requests directly to its management application. This includes the REST api. It’s a bit of a tricky functionality as it is prone to abuse if not properly implemented. Continue reading “F5 BIG-IP CORS – What is it, and how to enable”

F5 303 Exam Study Guide – Part 2

The second part of the f5 303 exam is all about scenarios for building and maintaining a security policy. Be prepared to answer questions that are very much in the grey zone. Most of the questions in part two expect you to have read the marketing blurb about ASM and forgetting a little about the many different facets of web app security and app complexity in a real life scenario. Here’s an example: You are doing an implementation for an F5 customer and have one week to build a security policy, what is the right way to do it?

Continue reading “F5 303 Exam Study Guide – Part 2”

McAfee’s Nitro SIEM – BigIP v11 Integration

Today I will give you a quick and easy solution for configuring high speed logging on F5 BIG-IP destined for McAfee’s Security and Information Event Manager (SIEM). All you have to do is formatting the LTM/ASM logs in a way that McAfee understands.

If you’re reading this you probably ran into an issue parsing the logs coming from a v11 F5 BIG-IP in your McAfee Nitro Receiver. You probably tried configuring a logging profile on your F5 BIG-IP ASM and found that the logs don’t seem to show up correctly in your McAfee SIEM. You probably also found lots of forum Q&A’s pointing you to using a complicated iRule to send logs in NEDS format to your McAfee receiver. It’s your lucky day, there’s an easier solution for this! Continue reading “McAfee’s Nitro SIEM – BigIP v11 Integration”

F5 SSL Labs A+

Update: 09/10/2018

SSLLabs have changed its requirements for cipher suites. The new cipher string is:

!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4

So I’m going to make a how to about something I’m not sure I agree with, but because it seems to be a big hit nowadays, I’ll do it anyway. Qualys’ SSL labs website. I love to be secure, and I want everybody to be secure on the website. The aggregate amount of lost time and problems people have due to unencrypted information must be enormous, but I get a bit annoyed with how the SSL labs website is now dictating how we do our security /End soapbox. Continue reading “F5 SSL Labs A+”

F5 303 Study Guide – Part 1

F5 303 Study Guide – Part 1

Objective 1

In recent years, we’ve seen a lot of attacks on web applications, compromising a lot of data including PII, PHI and username/password combinations, which become feeds for phishing and other attacks. Check out the article I put together on what is a waf and why should I have one to look into some specifics, but I think today its not a question of will we be attacked with a web presence, to when have we been attacked, and were they successful?

Continue reading “F5 303 Study Guide – Part 1”

Becoming an ASM F5 Certified Engineer

I recently decided to start going through the F5 certification series. I’ve taken 101 Application Delivery Fundamentals, 201 TMOS administration, and 303 ASM Technology Specialist exams. I’m now one of about 3000 F5 certified engineers world wide – and I’m pretty happy about that. I’m in the category that holding certifications doesn’t prove one way or another whether you’re able to develop and maintain a  system in the real world, but it does prove though that you’re willing to go the extra mile to take the exam and prove a level of knowledge and grasp of the topics. We all know the further you get away from the school and college times of having to take an exam every other week, the harder it gets to actually sit down and take a test!

Continue reading “Becoming an ASM F5 Certified Engineer”

F5 License Activation

F5 license activation or reactivation is very simple. There are basically two reason why you reactivate your license.

1. You are adding a new module to your device with an add-on key.

2. You want to do an upgrade. The Software image needs to know that you have an active support contract to successfully install. You will see that there is a service check date in the install. If your support contract runs out/ your license expires you won’t be able to do any upgrades beyond that date.

To reactivate the license on your device follow these easy steps:

Continue reading “F5 License Activation”

F5 Hotfix Install and Configuration

Today I’m going to be covering how to do an F5 Hotfix installation or upgrade. Before going into the step by step guide here is some information about how F5 structures their code releases. Up to version 11.5.1 F5’s code schema was major_release(11).minor_release(5).maintenance_release(1). Since 11.5.2 and going forward the maintenance_release is replaced by Hotfix roll ups, plus additional bug and security fixes. Let’s work our way from the back up. Continue reading “F5 Hotfix Install and Configuration”

F5 BIG-IP Device Service Cluster Configuration

One question people ask me is “What is the best way to setup a HA?” Also known as an F5 BIG-IP Device Service Cluster, what are the steps are to configure one. There’s a few tricks, and missing one might mean hours of troubleshooting for something simple. I’ll go through the steps to setting up the group right on the first try below. A few things to note. With the device clusters, you can now create multiple active devices in a cluster, but generally I prefer to still run things active/standby. Also, you can pair different types of devices such as VE’s with hardware, or different types of hardware, but I also don’t recommend this. Some things may not work, such as mirroring, and it ends up complicating things unnecessarily.

Continue reading “F5 BIG-IP Device Service Cluster Configuration”

F5 BIG-IP vCMP Configuration

If you haven’t read step 1 here Starting out with vCMP, first take a look. This describes the features of F5 BIG-IP vCMP. With the basic system settings all set and licensed, go into the System: Resource Provisioning to provision vCMP. You can also do this step as part of the initial setup wizard. You’ll notice that when you have vCMP provisioned, the only option is dedicated, and that when you select it, no other modules can be provisioned with it; provisioning modules such as LTM will disable vCMP.

Continue reading “F5 BIG-IP vCMP Configuration”