Steve Lyons
Steve Lyons
  • 17
  • 55 650
Creating a Client SSL Profile to Restrict Protocols and Ciphers
In this video, I demonstrate how to create a client SSL profile that meets the security requirements defined in the DoD Military Unique Deployment Guide. Those requirements include restricting cipher suites and protocols to increase client and organizational security.
Переглядів: 2 310

Відео

Using LTM Local Traffic Policies, Redirect Users Based on HTTP Host
Переглядів 4,2 тис.5 років тому
In this video, I demonstrate creating a local traffic policy to redirect all users attempting to access google.com to msn.com.
Populating a LTM Pool Using DNS Resolution
Переглядів 1,3 тис.5 років тому
Rather than populating a pool manually for a service that may change without notice, consider using an FQDN node which will auto-populate pool members within your LTM pool.
Configuring Connection Limits Using F5's Local Traffic Manager (LTM)
Переглядів 4,3 тис.5 років тому
This is a very high-level video on configuring connection limits at the virtual server level. You can also apply this limit globally and to a route domain. In the video, I mention this is a start and AFM is still recommended. My intent is to advise that AFM provides enhanced DDoS protections that LTM natively doesn't. By creating a DDoS profile in AFM and assigning it to your LTM virtual server...
Configuring a Response Policy Zone (RPZ) Using the F5 BIG-IP
Переглядів 1,5 тис.5 років тому
In this video, the BIG-IP is used as a recursive DNS server with an RPZ zone to restrict name resolution from occurring for potentially inappropriate websites.
Restricting DNS Query Types Using F5
Переглядів 4905 років тому
In this high-level video I will demonstrate restricting DNS query types using DNS security on the F5 BIG-IP.
DNS Load Balancing with a Transparent Cache
Переглядів 4175 років тому
Due to a common issue customers are running into with domain controllers or DNS servers no longer responding to client queries, I wanted to provide a video on how to use the BIG-IP to perform DNS load balancing as well as a transparent cache to improve DNS response times.
Enabling HSTS and Secure Ciphers to Meet DoD STIG's Using F5
Переглядів 2795 років тому
This is a quick video on creating an HTTP profile with HSTS enabled as well as creating client and server SSL profiles in order to restrict insecure protocols and ciphers using an F5 BIG-IP.
Configuring the F5 BIG-IP as a Recursive DNS Server
Переглядів 3,5 тис.5 років тому
In this brief demonstration, I will be configuring my F5 BIG-IP as a recursive DNS server using a transparent cache. techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-dns-services-implementations-13-0-0.html
Using the F5 BIG-IP to provide Kerberos authentication with end-user logons
Переглядів 4,6 тис.5 років тому
Access Policy Manager® (APM®) provides an alternative to a form-based login authentication method. This alternative method uses a browser login box that is triggered by an HTTP 401 response to collect credentials. A SPNEGO/Kerberos or basic authentication challenge can generate a HTTP 401 response. This option is useful when a user is already logged in to the local domain and you want to avoid ...
F5 BIG-IP Self IP's and SNAT Automap
Переглядів 14 тис.5 років тому
This is a high-level video describing the basic functions of static and floating self IP's. In no way was this meant to cover all SNAT functions but rather a quick visual of the most common uses which include how static self IP's are used to perform health checks and floating self IP's are used for client address translation when Automap is configured on a virtual server.
Using F5 BIG-IP TCP and HTTPS Health Monitors
Переглядів 15 тис.5 років тому
In this short video, I will review the default TCP and HTTPS monitors as well as use a custom HTTPS monitor using my own send and receive strings. I will also demonstrate how to use CURL to determine an appropriate receive string whether that be an HTTPS status code or string within the web page.
Enabling HSTS and Secure Ciphers to Meet DoD STIG's Using F5
Переглядів 1645 років тому
This is a quick video on creating an HTTP profile with HSTS enabled as well as creating client and server SSL profiles in order to restrict insecure protocols and ciphers using an F5 BIG-IP.
Upgrading BIG-IQ to 6.0.1
Переглядів 2546 років тому
In this short video I will demonstrate how to upgrade your existing BIG-IQ instance to 6.0.1.
Upgrading Your F5 BIG-IP Using BIG-IQ
Переглядів 1,2 тис.6 років тому
In this video, I show you how to upgrade a BIG-IP to 14.0.0 using BIG-IQ 6.0.1.
Configuring F5 BIG-IP as a Recursive DNS Server
Переглядів 1,1 тис.6 років тому
Configuring F5 BIG-IP as a Recursive DNS Server
Creating a Backup Schedule Using F5 BIG-IQ 6.0.1
Переглядів 1,2 тис.6 років тому
Creating a Backup Schedule Using F5 BIG-IQ 6.0.1

КОМЕНТАРІ

  • @hdhillon774
    @hdhillon774 4 місяці тому

    thank you, makes sense

  • @masajjad
    @masajjad Рік тому

    @3:34 Thanks! I'm that somebody :) keep up the good work.

  • @sanketbhatia4384
    @sanketbhatia4384 Рік тому

    Thank you for the information.. It helped a lot

  • @ahmedilyas1675
    @ahmedilyas1675 Рік тому

    Really informative and quick thanks Steve.

  • @Lore-M-Ipsum-yew
    @Lore-M-Ipsum-yew Рік тому

    Excellent. Can't thank you enough.

  • @christophermichael.w.7577
    @christophermichael.w.7577 2 роки тому

    Over the next few days I think that I would only like to communicate with people living on the east coast. I hope that I can figure it out

  • @yograjkamathi9535
    @yograjkamathi9535 3 роки тому

    If i want to limit the sessions from particular website / url / fqdn, how to achieve this. In 14.0 later version we can add source IP list however I would like to set this up using website / url / fqdn / dns name.

  • @garychen66
    @garychen66 3 роки тому

    Thank you!

  • @TechnicalUstad
    @TechnicalUstad 3 роки тому

    Thanks Steve.

  • @santoshnaik2115
    @santoshnaik2115 3 роки тому

    Really good and helpful. How do we verify if one customized monitor (example nprd-USS-DEV-API-443-monitor ) is used by multiple pool members or VIP.

  • @ballajaja
    @ballajaja 3 роки тому

    hello, how do you change the partition from /Common to another partition under "General Properties" (not shown in video)

  • @MonsterPOV
    @MonsterPOV 4 роки тому

    Thank you very much! this helped a lot

  • @salamibashiru4276
    @salamibashiru4276 4 роки тому

    Just when i thought i knew it all. This video was very useful for my HA environment

  • @jordanaldrich
    @jordanaldrich 4 роки тому

    Great video, thank you.

  • @tutao2008
    @tutao2008 4 роки тому

    Great video, do u hv a video about Ssl setup and checks when I hv thousand connection and start to slow down webservers?

  • @user-ow8dj7yh5i
    @user-ow8dj7yh5i 4 роки тому

    If configured “0” to the connection limit on the VIP, is it still based on the physical memory of LTM? The concurrent connections will share the physical memory.

  • @mohammedamine2712
    @mohammedamine2712 4 роки тому

    Wonderful. That's the kind of explanations I am looking for to master the networking part of the Big-IP. It is okay for the modules part LTM ASM for example but when it comes what is happening in the background from a networking point of vue it is very complex and few colleagues are able to answer that for me, hopefully there are articles and videos like this one. Hope you could do more about this part, architectures maybe? Some SSL/TLS deep dive also as it is a tricky part, but Networking and SSL are the parts that I enjoy the most while working on BIP-IP. Thanks a lot

  • @jibolatemid
    @jibolatemid 4 роки тому

    Thanks for sharing this video, very easy to follow. I do have a question, for the send string , can i use a port other than 443 say 14000 for the service and if yes would the host part of the string be myway.com:14000/public/service Connection: Close .

  • @WaseemTCS1
    @WaseemTCS1 4 роки тому

    Superb !!! And how do we TShoot for Application SLOWNESS Issues ?

  • @mathurshishir
    @mathurshishir 4 роки тому

    nice! this helps

  • @donamato
    @donamato 4 роки тому

    top video ! thanks

  • @debajyoti727
    @debajyoti727 4 роки тому

    Hello Steve, can you show how to monitor for more than one node member each having its distinct http get url for health check?

  • @nitinjayswal1527
    @nitinjayswal1527 4 роки тому

    Keep doing what you doing thanks

  • @AdhibArfan
    @AdhibArfan 4 роки тому

    Hi Steve, my question is if I have 2 node members, how to monitor each member using https?

    • @debajyoti727
      @debajyoti727 4 роки тому

      Same question

    • @Imjustakid4271
      @Imjustakid4271 2 роки тому

      Use a curl command but instead of using url just type the backend server ip

  • @robinmordasiewicz
    @robinmordasiewicz 5 років тому

    @Steve Lyons has been creating very useful videos giving us great tips.

  • @JuCkeRGhoSt
    @JuCkeRGhoSt 5 років тому

    Hey steve! Can u explain to me in Failover the difference between Network failover and the failsafe because the first one doesnt track the ports state (up/down) so im forced to use failsafe to failover in case of link failure is that normal config or i didnt get the concept?. Thank you.

    • @stevelyons2716
      @stevelyons2716 5 років тому

      Jucker, if you haven't found your answer yet I recommend reading the solution articles on each function. However, at a high level VLAN failsafe uses arp at layer 2 to determine if communication is occurring over a specific VLAN. Gateway failsafe allows you to have a pool of servers at or beyond the default gateway to determine if it is able to route traffic. Network failover is more or less just heart beat validation between devices in a ha pair. support.f5.com/csp/article/K13297 support.f5.com/csp/article/K15367 support.f5.com/csp/article/K75303031 support.f5.com/csp/article/K2397

  • @sambillings4600
    @sambillings4600 5 років тому

    Hello Steve Thank you for this video really appreciate that. I've got one query like In my environment I have got one service for which the nodes are showing not available on BIG IP. we have got everything setup on BIG-IP , we have got send string and we configured receive string of 200 OK but still it marks the pool as down. when I do curl command through CLI it shows 200 OK for the application but for some strange reason BIG-IP couldn't sync up with the servers. How do I determine that whether the service is actually available and its really indeed sending 200 OK back to BIG-IP. I have 2 servers placed one at each data centers and have got BIG-IP to load balancing the traffic btw them. I have got another services running fine on BIG-IP but this is the only service causing me a pain as I couldn't determine if it's an issue with BIG-IP or the server it self. Any help would really appreciable. Thanks again for your time

    • @stevelyons2716
      @stevelyons2716 5 років тому

      Hi Sam, I apologize for the delayed response. Have you done any captures on the pool members themselves to see the HTTP response codes they are sending when the monitor sends the request? Also, to narrow down your capture, remember health monitors use a self IP and not a SNAT IP. If using SNAT, the floating (SNAT) IP will be the client translated address where as the self ip does health monitoring and other system functions.

  • @jamesren4949
    @jamesren4949 5 років тому

    Hi Steve, thanks for the explanation. But you did not explain what 'Unhandled Query Actions' was and what happened when changed to 'No Error'.

    • @stevelyons2716
      @stevelyons2716 5 років тому

      Hi James, sorry for the delayed response. You are right, I didn't get into the details on this since I was really just trying to keep it high level. With that, you ask a great question. The Unhandled Query action is when the query does not match a wide IP or a local zone. Below are the recommended settings for unhandled query actions. F5 recommends that you configure the Unhandled Query Actions setting in the DNS profile as follows: Use the Allow setting (default) if you want to load balance the requests to another authoritative DNS server in the environment, or to local BIND on a GTM-licensed system (if local BIND is enabled using the DNS profile). You should also use the Allow setting if the GTM system sends DNS queries to a pool of DNS resolvers. This setting is also required when DNS cache feature is set to Transparent. Use the Drop setting if the GTM-licensed system is configured as an external, authoritative DNS system. The Drop setting provides maximum protection and security for unmatched packets for systems processing external DNS queries. Use the Reject setting to return a REFUSED status for the DNS query. Use the Hint setting to return a list of the root name servers for the DNS query. Use the No Error setting to return a NOERROR status for the DNS query.

  • @arendkolk1
    @arendkolk1 5 років тому

    face? ;-) the content is what i am looking for. not faces. good basic video

  • @inamrajput
    @inamrajput 5 років тому

    Hi Steve Great video. I have a question. In my scenario, my domain is mydomain.com and I want SSO for example.com. My client machine is part of mydomain.com and the site is on the internet. My question is: What should be my ktpass syntax for this kind of requirement? Like, should it be: 1- HTTP/example.com@mydomain.com -mapuser user@mydomain.com? OR 2- HTTP/example.com@example.com -mapuser user@mydomain.com? Please advise.

  • @robinmordasiewicz
    @robinmordasiewicz 5 років тому

    Hi Steve. Great video on DNS functions in F5.

  • @robinmordasiewicz
    @robinmordasiewicz 5 років тому

    As usual, fantastic content. And hey, is that Steve down in the corner !!!!

  • @robinmordasiewicz
    @robinmordasiewicz 5 років тому

    @steve lyons I have a request. Show your face talking in your videos !

    • @stevelyons2716
      @stevelyons2716 5 років тому

      Hahaha, I thought audio was a big start! Now my face? Ahh man, this is getting serious! ;)

    • @robinmordasiewicz
      @robinmordasiewicz 5 років тому

      Your videos are always well done and informative.