-
HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487) Attack Advisory
An emerging threat, the HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487), has been identified as a new application layer denial-of-service attack that brings a significant risk to network security. This vulnerability allows attackers to exploit the HTTP/2 protocol's design and any organizations running web, application,…
-
session log is show reserve source and destination is ip 0.0.0.0 and client is not use web http
Hi, i check a box in log session is reserve source & destination is 0.0.0.0 and client says it cannot use web http quesion What could be the cause? Because when the client cannot use web http, the log session reserve source & destination will show the IP value 0.0.0.0.
-
How to Properly Move WordPress from HTTP to HTTPS
Hi, Everyone I am making a site on WordPress, I am new to Wordpress and want to know how can I move Wordpress from Http to Https. I have a new security site like (Face Recognition Online) and also looking for SSL security algorithm. So that I can save my sites from hacking or illegal use. Thanks
-
IPv4 users to IPv6 Public IP
Hi How do I set up a CGNAT where internal users are IPv4 and need to be NATed to IPv6? Do I have to configure it has a 44LSN and just change the nat pool with IPv6? I read TRSOL but I don´t find any related information Regards.
-
Remote connection by domains, IPs and URLs of A10
Hi. How to achieve a remote connection through domains, IP's and URLs that have been provided to us for a few days, we managed to install a Thunder 1040 and the client requires this information. You need to know the IP address of the harmony controller to be able to establish a remote connection and start its…
-
A10 network updates
Hi. Does anyone know where I can see what are all the public IPs and domains that the appliance seeks to connect for ACOS updates?
-
Harmony Controller
hi. How can I configure the A10 Harmony Controller from CLI or Web, have its IP address to connect it to the Internet
-
A10 Thunder
Hello! Where can I find CIS level documents for A10 Thunder 1040 or similar to do the hardening.
-
GSLB Site
Hi When the GSLB Gateway site fails, do the SIPs related to this site go down in the gslb zone?
-
GSLB Gateway transparent Health monitor validation
Hello How can I configure the A10 to validate the GSLB gateway using a Health check with transparent to 8.8.8.8? for example, like we do in slb server because by default GSLB gateway validation is an ICMP to the gateway IP but if the gateway is UP but does not have access to the Internet the A10 will not know so it will…
-
502 Bad Request
Hello, I need your help. I have a subdomain which is throwing 502 bad request and is published on the internet, to get out of the problem quickly, I migrated its VIP to the old netscaler balancer and it started working without problems. Could you help me see what is happening? I have taken traffic captures and they do not…
-
VRRP-A and aVCS Configuration
Hello, I'm looking for some advice on a pair of AX1030's configured with VRRP-A and aVCS to be deployed. The cluster is configured to use VRRP-A and aVCS on interface Ethernet6. The devices appear to be working according to show vrrp-a and show vcs summary. These are the devices. AX1-Active-vMaster[1/1]…
-
Snat in NHLD with alternate server
Hi I have this scenario in a client´s infrastructure where they have 2 Internet links in active pasive mode slb server LINK-1 20.20.20.1 alternate LINK-2 port 0 tcp port 0 udp slb server LINK-2 30.30.30.1 port 0 tcp port 0 udp --------------------------------------------------------------------------- slb service-group…
-
Configure HA a/p on Thunder1040
Good afternoon, I'm new in the forum. I have 2 Thunder1040-F devices with firmware 5.2.1-p3, build 70, we want to configure HA in active/passive mode, what would be the procedure to do it. and that the synchronization is done automatically from the primary to the secondary Thank you
-
Redirect traffic based on Destination IP
Hi guys I´m trying to redirect traffic based on destination IP using an Aflex, for example if a internal user sends traffic to 20.20.20.20 the A10 will redirect the traffic to a specified service group Aflex: Test #1 when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 20.20.20.20] } { pool APACHE } } Test #2…
-
"msg": "Could not create health monitor -> Reach max account limitation”.
While adding addition health monitors on our exsisting TH1080 A10 boxes we are getting below error "msg": "Could not create health monitor -> Reach max account limitation”. Is it something related to resoures for health monitors reached maximum ?
-
Destination IP rewrite NHLD
Hi Guys Is there a way to rewrite a Destination IP based in NHLD? For example if an internal client send traffic to the IP 1.1.1.1 the Wildcard will receive the traffic and the A10 will rewrite the destination from 1.1.1.1 to 20.20.20.20
-
How can I use a VS IP as a source NAT in WILDCARD VS
Hi, guys. I've observed instances in various clients where an SLB VS is configured alongside NHLD. When an internal client accesses the Internet, the SNAT is typically a pool or auto-NAT, based on our configuration. However, there are scenarios where exceptions are necessary, and an internal client must use the SLB VS IP…
-
HTTP Strict Transport Security (HSTS)
Hello, can any share me the Aflex script for HTTP Strict Transport Security (HSTS).
-
DNS Response as Authoritative from GSLB server mode A10
Hi I want to configure the a10 to response as Authoritative so when someones quieres a FQDN in the A10 as server mode they will get the Authority flag = 1 I attach some screenshoots from my lab As you can see in the second screenshot authority = 0 Thanks for the help!
-
GSLB Sticky when clients use multiple DNS servers
Hi - I hope you can help me with this situation. It seems it would be pretty common. We have a particular load balanced internal/external application with a 43 minute timeout. We have two SLB devices both serving this application in 2 datacenters. In front of that we have GSLB configured with a 60 minute sticky DNS policy…
-
No Server Certificate Validation
Hello Team I currently have a server that does not load the page because it has an expired certificate. I was asked to pass this service through the balancer and have the A10 not validate the server certificate and load the page. On the advanced configuration of the server's virtual port I enabled the NO SSL option, as I…
-
WAF bot_define
WAF feature block traffic then enable WAF ( Bot-Define): CEF:0|A10|TH1030S|4.1.1-P3|WAF4|bot-check|6|rt=Sep 15 2017 13:49:40 src=52.220.96.111 spt=62290 dst=10.0.0.220 dpt=443 dhost=uat.api-acledabank.com cs1=UAT-API-ACLEDA cs2=4ce1c66d87d59b2d act=deny cs3=active app=HTTPS requestMethod=POST cn1=0 request=/login…
-
GUI Access A10 Certificate
Hello Team Hi, I currently manage a Vthunder through a VPN, when accessing the A10 via WEB I get a certificate error "This connection is invalid. SSL certificate expired" but by SSH if I can access the A10. Do you know of any error inside the balancer, or what can cause this.
-
Upload SSL certs to an A10 vThunder via axapi v3.0
Hi All, Can anybody tell me how to upload SSL Certs to an A10 vThunder via axapi 3.0? I want the certificate to be in the payload of the request, rather than having it on a remote server, as I don't want the A10 to be able to connect to outside servers. Thanks.
-
The ADC NAT pool port cannot be released
Have you ever encountered the issue of ADC device NATpool port occupancy that cannot be released? The ISP connection count is around 17,000, but the nat pool statistics show that the port usage has reached 37,000, which is many times more than the actual usage. The port usage will continue to increase until there are…
-
Shared VLAN ... where to start?
I'm hoping to reuse a VLAN between two partitions. Different address space, but the same VLAN. I see there is a "shared-vlan" feature, but I can't find documentation for it beyond the CLI guide. Anyone know if this works for data plane traffic? Got an example, or better configuration info?
-
What HTTP header length limits are in force?
I am wondering what limitations are imposed on the length of a single HTTP header and what limitations are imposed on the aggregate length of all HTTP headers in a client request on an http port. We stumbled over a problem with some clients where the Authorization: header is in excess of 12 kbytes. The connection is reset…
-
Maintain session with ChatID object
Hello, I need to know if an aFlex can be created that maintains the session with the ChatID object, this object is the ID of the chats that clients have with executives, which close the session before the client ends the chat.
-
2 Active Link and 1 Backup Link
Hi All, I have three ISP links. I want to configure 2 active links and 1 backup link (active when 2 primary links are down). I can configure a10 for 2 ISP links but the backup link doesn't have any idea. Could you please share a sample configuration for my problem? Thank you.
-
[T&C] CGNAT Port Reservation (Port Forwarding) with Firewall using Thunder CGN/CFW
In this article we will see how you can implement CGNAT Static Port Reservation (also known as Port Forwarding) using A10 Thunder CGN/CFW. Deployment Scenario Here is the deployment scenario: We have two internal services that we want to make accessible to the outside world using Thunder CGN/CFW: SSH server running on…