The F5 Guy

I recently had the pleasure of working on a Citrix 5.0 implementation and I wanted to share a few things that I learned during that setup.  As many of you know, there are two deployment guides that have been made available by F5 Networks in regards to setting up Citrix Presentation Server 4.5 in TMOS versions 9.x and 10.x.  They are excellent guides and the best thing about them is that you can utilize those guides to assist you in deploying Citrix XenApp 5.0, with a few exceptions of course.  Those exceptions are what I will be covering in this tech tip.

Both of the previously mentioned deployment guides discuss editing files on the Citrix farms Web Interface servers so that it looks for the client IP address in the X-Forwarded-For HTTP header.  Otherwise, every connection will appear to be originating from the BIG-IP LTM and not from its true IP.  After reading both guides and looking at my current environment I was dismayed to find that the files and locations mentioned were no longer valid.  I then turned to my top three resources on the web in the search for an answer: AskF5, DevCentral and Google.

Read More >>

I learned an interesting thing about the Config Sync process the other day and I wanted to share the story with others in the community.  I was on a BIG-IP 6400 unit that was the Active unit in an Active/Standby pair, just doing some pre-spring cleaning (I bet there are some Network Support Engineers shaking their head right about now) and decided I needed to clear out all of the old expired SSL certificates out of the certificate store on the unit.

No problem, I identified all of the expired certificates, checked the box beside them and hit the delete button at the bottom of the page.  After verifying everything was still happy and the support tickets didn’t start flooding my inbox I decided to run a config sync and push the config changes over to the standby box.

The config sync ran without a problem and the gui showed Config Sync: OK.  I then proceeded to check my changes on the standby unit, just for verification purposes.  And that ladies and gentlemen, is when the fun began….

Read More >>

I was going through the database of articles on AskF5 today and found an awesome feature that I wanted to highlight.  My interest was first sparked because of an article that Lori MacVittie about cookie encryption.  That article can be found here.

So that got me to thinking… how can someone do this in an iRule?  I have to admit I haven’t really looked into it that much previously because we utilize an ASM module running on a 4100 unit.  The 4100 can do a lot of different things regarding cookies such as checking if a cookie has been modified and if the cookie was obtained in a previous session.  I figured I would hit the AskF5 database to see what I could turn up and I uncovered this little gem:

Read More >>

This just in and hot off the press.  F5 Networks has created an MVP Program as a way to “to honor those who, without incentive, contribute to the greater good of our community.”  Check out the link for all the details or go over and listen to Podcast #117, which was dedicated to highlight the seven people who were chosen to be the first of F5 Networks MVP’s.

I am also very excited to say that I have been selected to be a F5 Networks MVP!

That’s right, TheF5Guy is now an F5 Networks MVP!  I consider it a great honor and am very excited to say the least!  I go by the alias “naladar” in the DevCentral Forums and you can check out my profile here:  http://devcentral.f5.com/Default.aspx?tabid=2242.  You have to be a member of DevCentral in order to view the page, but it is free to join!

Read More >>

What is the value of attending the SecureWorld Expo?  I have been thinking about that a bit lately and have come to a few conclusions.  I will preface my arguement by saying that the SecureWorld Expo experience is invaluable to everyone.  No, I am not limiting it to I.T. folks.  As more and more people become educated about how important it is to have a positive security posture, the better things will be for everyone involved.  Well everyone except for the hackers of course!

I am stating the obvious here I know, but how many of you out there have worked at places where people guard their security knowledge like it’s KFC’s secret recipe for chicken?  Have you ever had to work with a security expert that can tell you every law of governance, but never truly explain WHY those laws are in place?  Ever talk to a business partner not in I.T. that just didn’t get why the web applications needed to be protected by a web application firewall or why ALL the ports on the firewall couldn’t be opened up?  I talked to a large number of people that worked at well known companies and each said that is the case where they work.  Of the group I talked to it was about 50% from the business arena and 50% from the IT side of the house, but they were all there for a common goal….

Read More >>