-
HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487) Attack Advisory
An emerging threat, the HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487), has been identified as a new application layer denial-of-service attack that brings a significant risk to network security. This vulnerability allows attackers to exploit the HTTP/2 protocol's design and any organizations running web, application,…
-
Version/Upgrade/Backup
Hello everyone, I'm unsure how to access the most recent version of the solution; currently, I'm on version 5.0.6.94. Could someone please clarify which version is the latest? Additionally, I'd appreciate guidance on upgrading to the latest version and backing up data on aGalaxy DDoS protection. Thank you!
-
Error HTTP 431
Hi everyone, I would like to ask a question, to see if something similar has happened to anyone else. We have a public service that we balance on the A10s we have deployed in Azure, and the application developers have notified us that they are receiving an HTTP 431 error in the browsers, which may be caused by our…
-
Cookie Persistance
I have seen that some people prefer to use Aflex for cookie persistence, while others prefer to use an SLB template. Which do you think is the best?"
-
GSLB gateway failover
Hello I am trying to configure an A10 with 2 Internet Links to do response with a backup ip when gateway health check fails so I followed Multiple Gateway Links Configuration in the A10-GSLB.pdf but it´s not working This is an example of my configuration: gslb service-ip SIP-1 1.1.1.3 health-check HTTPS port 443 tcp…
-
Reporting problem
Can someone help me with this problem? Failed to push zone Vlada_vremen_1 configuration on devices. Error: Failed to configure zone on detector group: Failed to configure Zone Vlada_vremen_1 on detector: Number of reports enabled is above limit, must configure "reporting-disabled".
-
aGalaxy DDoS Protection
I'm currently encountering an issue with Galaxy NetFlow where I'm unable to view the netflow data, despite having checked and confirmed that the configuration is correct. Could someone kindly assist me with troubleshooting this matter? Any help would be greatly appreciated. Thank you!
-
TCP default timeout on HTTP profile
Hello, I need help timeouts. We have a https virtual server, when i see its configuration "with-default" i see it has default tcp profile attached to it. As far as i know default tcp profile has idle timeout of 120secs. If i want to change this idle timeout to 300secs, how do I do it? Should i create a new TCP template…
-
Internet Access
Hello Does anyone know where I can request internet permission for the a10 network balancers and validate access?
-
session log is show reserve source and destination is ip 0.0.0.0 and client is not use web http
Hi, i check a box in log session is reserve source & destination is 0.0.0.0 and client says it cannot use web http quesion What could be the cause? Because when the client cannot use web http, the log session reserve source & destination will show the IP value 0.0.0.0.
-
How to Properly Move WordPress from HTTP to HTTPS
Hi, Everyone I am making a site on WordPress, I am new to Wordpress and want to know how can I move Wordpress from Http to Https. I have a new security site like (Face Recognition Online) and also looking for SSL security algorithm. So that I can save my sites from hacking or illegal use. Thanks
-
IPv4 users to IPv6 Public IP
Hi How do I set up a CGNAT where internal users are IPv4 and need to be NATed to IPv6? Do I have to configure it has a 44LSN and just change the nat pool with IPv6? I read TRSOL but I don´t find any related information Regards.
-
Remote connection by domains, IPs and URLs of A10
Hi. How to achieve a remote connection through domains, IP's and URLs that have been provided to us for a few days, we managed to install a Thunder 1040 and the client requires this information. You need to know the IP address of the harmony controller to be able to establish a remote connection and start its…
-
A10 network updates
Hi. Does anyone know where I can see what are all the public IPs and domains that the appliance seeks to connect for ACOS updates?
-
Harmony Controller
hi. How can I configure the A10 Harmony Controller from CLI or Web, have its IP address to connect it to the Internet
-
A10 Thunder
Hello! Where can I find CIS level documents for A10 Thunder 1040 or similar to do the hardening.
-
GSLB Site
Hi When the GSLB Gateway site fails, do the SIPs related to this site go down in the gslb zone?
-
GSLB Gateway transparent Health monitor validation
Hello How can I configure the A10 to validate the GSLB gateway using a Health check with transparent to 8.8.8.8? for example, like we do in slb server because by default GSLB gateway validation is an ICMP to the gateway IP but if the gateway is UP but does not have access to the Internet the A10 will not know so it will…
-
502 Bad Request
Hello, I need your help. I have a subdomain which is throwing 502 bad request and is published on the internet, to get out of the problem quickly, I migrated its VIP to the old netscaler balancer and it started working without problems. Could you help me see what is happening? I have taken traffic captures and they do not…
-
GSLB gateway failover
Hello I am trying to configure an A10 with 2 Internet Links to do response with a backup ip when gateway health check fails so I followed Multiple Gateway Links Configuration in the A10-GSLB.pdf but it´s not working This is an example of my configuration: gslb service-ip SIP-1 1.1.1.3 health-check HTTPS port 443 tcp…
-
VRRP-A and aVCS Configuration
Hello, I'm looking for some advice on a pair of AX1030's configured with VRRP-A and aVCS to be deployed. The cluster is configured to use VRRP-A and aVCS on interface Ethernet6. The devices appear to be working according to show vrrp-a and show vcs summary. These are the devices. AX1-Active-vMaster[1/1]…
-
Snat in NHLD with alternate server
Hi I have this scenario in a client´s infrastructure where they have 2 Internet links in active pasive mode slb server LINK-1 20.20.20.1 alternate LINK-2 port 0 tcp port 0 udp slb server LINK-2 30.30.30.1 port 0 tcp port 0 udp --------------------------------------------------------------------------- slb service-group…
-
Configure HA a/p on Thunder1040
Good afternoon, I'm new in the forum. I have 2 Thunder1040-F devices with firmware 5.2.1-p3, build 70, we want to configure HA in active/passive mode, what would be the procedure to do it. and that the synchronization is done automatically from the primary to the secondary Thank you
-
Redirect traffic based on Destination IP
Hi guys I´m trying to redirect traffic based on destination IP using an Aflex, for example if a internal user sends traffic to 20.20.20.20 the A10 will redirect the traffic to a specified service group Aflex: Test #1 when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 20.20.20.20] } { pool APACHE } } Test #2…
-
"msg": "Could not create health monitor -> Reach max account limitation”.
While adding addition health monitors on our exsisting TH1080 A10 boxes we are getting below error "msg": "Could not create health monitor -> Reach max account limitation”. Is it something related to resoures for health monitors reached maximum ?
-
Destination IP rewrite NHLD
Hi Guys Is there a way to rewrite a Destination IP based in NHLD? For example if an internal client send traffic to the IP 1.1.1.1 the Wildcard will receive the traffic and the A10 will rewrite the destination from 1.1.1.1 to 20.20.20.20
-
How can I use a VS IP as a source NAT in WILDCARD VS
Hi, guys. I've observed instances in various clients where an SLB VS is configured alongside NHLD. When an internal client accesses the Internet, the SNAT is typically a pool or auto-NAT, based on our configuration. However, there are scenarios where exceptions are necessary, and an internal client must use the SLB VS IP…
-
HTTP Strict Transport Security (HSTS)
Hello, can any share me the Aflex script for HTTP Strict Transport Security (HSTS).
-
DNS Response as Authoritative from GSLB server mode A10
Hi I want to configure the a10 to response as Authoritative so when someones quieres a FQDN in the A10 as server mode they will get the Authority flag = 1 I attach some screenshoots from my lab As you can see in the second screenshot authority = 0 Thanks for the help!
-
GSLB Sticky when clients use multiple DNS servers
Hi - I hope you can help me with this situation. It seems it would be pretty common. We have a particular load balanced internal/external application with a 43 minute timeout. We have two SLB devices both serving this application in 2 datacenters. In front of that we have GSLB configured with a 60 minute sticky DNS policy…
-
No Server Certificate Validation
Hello Team I currently have a server that does not load the page because it has an expired certificate. I was asked to pass this service through the balancer and have the A10 not validate the server certificate and load the page. On the advanced configuration of the server's virtual port I enabled the NO SSL option, as I…