When running the BIG-IP LTM (10.2.3) virtual appliance on ESX4 you may observe that only the management interface is seen by the system. [root@localhost:Active] config # b interface showINTERFACEKey Speed Pkts Pkts Drop Coll Bits Bits Errs Trunk Mbps in out in outmgmt UP 100 FD 511 8 0 0 266144 5056 0 Solution To … Read more
Within the Cisco Firewall family (PIX/ASA) there are 2 security features known as Security Levels and NAT Control. Security Levels Security levels are numeric values (between 0 and 100) which are assigned to the firewalls interfaces and used to control traffic flows. Traffic is allowed to pass from a higher security level to a lower … Read more
Overview The OneConnect feature works with HTTP Keep-Alives to minimize the number of server-side TCP connections by reusing existing connections for further HTTP requests.“OneConnect” has 2 methods. They are : OneConnect Profile and OneConnect transformations. Both of which are explained within this article. HTTP Requests Overview HTTP/1.1 requests – HTTP/1.1 dictates that HTTP Keep-Alive connections … Read more
Issue When trying to access your Django site within CSRF configured you receive the following via a Forbidden (403) HTTP error message: CSRF verification failed. Request aborted.No CSRF or session cookie. Solution In my scenario I found that the order of settings.MIDDLEWARE_CLASSES was incorrect. Below shows you an example settings.py MIDDLEWARE_CLASSES = ( ‘django.middleware.csrf.CsrfViewMiddleware’, ‘django.middleware.common.CommonMiddleware’, … Read more
Adaptive Reapers Adaptive reapers provide the ability for the system to automatically clear connections at the point of a predefined threshold being reached. This provides both system and connection stability during the point of a Denial of Service attack.At the point memory usage reaches the low water mark threshold (default %85) all half open connections … Read more
When running the BIG-IP LTM (10.1) Virtual appliance on ESX4 you may observe the following error message (within the /var/log/message file): Unable to attach to PCI device 02:02.00 for Interface 1.1 This results in both interfaces forming the status of un-initialized and in turn failing to pass traffic. Solution To resolve this define each interface … Read more
The Brocade ADX offers 2 methods in which to configure FTP SLB (Server Load Balancing). These methods are : Layer 3 – Uses the sticky and concurrent connection settings to provide FTP SLB.Layer 4-7 – Provides FTP SLB via the use of FTP application awareness (introduced in version 12.3.1d). 1. Layer 3 To Load-balance either … Read more
Purpose The main purpose of this document is to explain the PKI term ‘Chain of Trust’. Summary PKI (Public Key Infrastructure) is a framework built upon protocols, services and standards used to provide authentication, confidentiality, integrity, non-reproduction and access control to digital data. The term ‘Chain of Trust’ is used to describe the trust relationship … Read more
Installation and upgrade of software on the F5 LTM is extremely straight forward. Each image is installed onto a slot, the slot can then be upgraded or re-imaged. 1. Transfer Image Create a directory ‘[root@f5:Active] config # mkdir /shared/images/legacy’ Copy the iso image to the directory ‘/shared/images/legacy’ using scp. Move to the directory ‘[root@f5:Active] config … Read more
Within this article we will look at the commands required for configuring a Site to Site VPN when one peer is using a dynamic IP address. Note : This article does not include the VPN configuration in its entirety only the additional/amended commands required for this scenario. There are 3 configuration settings that are defined. … Read more