Recently, a customer wanted to have a custom F5 APM logon page branded. The GUI lets you do nothing more than change some colors or the logo. With a little bit of web experience and a lot of F5 experience, I felt like I was up to the challenge. I started by diving into the advanced customization section of the APM module.
Cross-Origin Resource Sharing (CORS) is a mechanism that allows your system to access resources from a different domain than the one the original request was made to. By default, F5 BIG-IP does not support CORS requests made directly to its management application. This includes the REST API. It’s a tricky piece of functionality, as it is prone to abuse if not properly implemented. Continue reading “F5 BIG-IP CORS – What is it, and how to enable”
The second part of the F5 303 exam is all about scenarios for building and maintaining a security policy. Be prepared to answer questions that are very much in the grey zone. Most of the questions in part two expect you to have read the marketing blurb about ASM and to forget a little about the many different facets of web app security and app complexity in a real-life scenario. Here’s an example: You are doing an implementation for an F5 customer and have one week to build a security policy. What is the right way to do it?
Today I will give you a quick and easy solution for configuring high-speed logging on F5 BIG-IP destined for McAfee’s Security Information and Event Manager (SIEM). All you have to do is format the LTM/ASM logs in a way that McAfee understands.
If you’re reading this you probably ran into an issue parsing the logs coming from a v11 F5 BIG-IP in your McAfee Nitro Receiver. You probably tried configuring a logging profile on your F5 BIG-IP ASM and found that the logs don’t seem to show up correctly in your McAfee SIEM. You probably also found lots of forum Q&A’s pointing you to using a complicated iRule to send logs in NEDS format to your McAfee receiver. It’s your lucky day, there’s an easier solution for this! Continue reading “McAfee’s Nitro SIEM – BigIP v11 Integration”
SSL Labs has changed its requirements for cipher suites. The new cipher string is:
So I’m going to make a how-to about something I’m not sure I agree with, but because it seems to be a big hit nowadays, I’ll do it anyway: Qualys’ SSL Labs website. I love to be secure, and I want everybody to be secure on the website. The aggregate amount of lost time and problems people have due to unencrypted information must be enormous, but I get a bit annoyed with how the SSL Labs website is now dictating how we do our security. /End soapbox. Continue reading “F5 SSL Labs A+”
F5 303 Study Guide – Part 1
In recent years, we’ve seen a lot of attacks on web applications, compromising a lot of data including PII, PHI and username/password combinations, which become feeds for phishing and other attacks. Check out the article I put together on what is a WAF and why should I have one to look into some specifics, but I think today it’s not a question of whether we will be attacked with a web presence, but of when have we been attacked, and were they successful?
I recently decided to start going through the F5 certification series. I’ve taken the 101 Application Delivery Fundamentals, 201 TMOS Administration, and 303 ASM Technology Specialist exams. I’m now one of about 3000 F5 certified engineers worldwide – and I’m pretty happy about that. I’m in the category that believes holding certifications doesn’t prove one way or another whether you’re able to develop and maintain a system in the real world, but it does prove that you’re willing to go the extra mile to take the exam and prove a level of knowledge and grasp of the topics. We all know the further you get away from the school and college times of having to take an exam every other week, the harder it gets to actually sit down and take a test!
F5 license activation or reactivation is very simple. There are basically two reasons why you reactivate your license.
1. You are adding a new module to your device with an add-on key.
2. You want to do an upgrade. The software image needs to know that you have an active support contract to install successfully. You will see that there is a service check date in the install. If your support contract runs out or your license expires, you won’t be able to do any upgrades beyond that date.
To reactivate the license on your device, follow these easy steps:
Today I’m going to be covering how to do an F5 Hotfix installation or upgrade. Before going into the step-by-step guide, here is some information about how F5 structures their code releases. Up to version 11.5.1, F5’s code schema was major_release(11).minor_release(5).maintenance_release(1). Since 11.5.2 and going forward, the maintenance_release is replaced by Hotfix roll-ups, plus additional bug and security fixes. Let’s work our way from the back up. Continue reading “F5 Hotfix Install and Configuration”
One question people ask me is “What is the best way to set up HA?” In other words, what are the steps to configure what is also known as an F5 BIG-IP Device Service Cluster? There are a few tricks, and missing one might mean hours of troubleshooting for something simple. I’ll go through the steps to setting up the group right on the first try below. A few things to note. With the device clusters, you can now create multiple active devices in a cluster, but generally I prefer to still run things active/standby. Also, you can pair different types of devices such as VEs with hardware, or different types of hardware, but I also don’t recommend this. Some things may not work, such as mirroring, and it ends up complicating things unnecessarily.