f5-appsvcs-extension

Include "security protected-servers traffic-matching-criteria" object and VS attribute

Open grf5 opened this issue 3 years ago • 3 comments

Is your feature request related to a problem? Please describe.

I'm trying to deploy a configuration using the "security protected-servers" TMOS components and these appear to not be supported by AS3.

Describe the solution you'd like

AS3 would implement the "security protected-servers traffic-matching-criteria" object and the corresponding VS keyword.

Describe alternatives you've considered

None.

Additional context

Example configuration:

net address-list /Common/any_address {
    addresses {
        0.0.0.0%1/0 { }
    }
    description "ANY address"
}
net address-list /Common/tgw_vpc_AWS1_address {
    addresses {
        10.10.0.0%1/16 { }
        10.11.0.0%1/16 { }
    }
    description "TGW VPC address space"
}
security protected-servers traffic-matching-criteria /Common/vs_tgw_test_app_VS_TMC_OBJ {
    destination-address-inline 0.0.0.0
    destination-address-list /Common/tgw_vpc_AWS1_address
    destination-port-inline 443
    protocol tcp
    route-domain /Common/dataplane
    source-address-inline 0.0.0.0
    source-address-list /Common/any_address
}
 
ltm profile client-ssl /Common/client_ssl_portal-dev.AWS1.lab {
    app-service none
    cert-key-chain {
        portal-dev.AWS1.lab {
            cert /Common/portal-dev.AWS1.lab_2022
            chain /Common/portal-dev.AWS1.lab_2022
            key /Common/portal-dev.AWS1.lab_2022
        }
    }
    defaults-from /Common/clientssl
    inherit-ca-certkeychain true
    inherit-certkeychain false
}
 
ltm virtual /Common/vs_tgw_test_app {
    ip-protocol tcp
    pool /Common/geneve-tunnel
    profiles {
        /Common/client_ssl_portal-dev.AWS1.lab {
            context clientside
        }
        /Common/http { }
        /Common/serverssl {
            context serverside
        }
        /Common/tcp { }
    }
    serverssl-use-sni disabled
    source-port preserve-strict
    traffic-matching-criteria /Common/vs_tgw_test_app_VS_TMC_OBJ
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/geneve
    }
    vlans-enabled
}

grf5 Sep 21 '22 23:09

Wondering if any updates here? @grf5

vkm2510 Oct 05 '22 13:10

Thank you @vkm2510. I have added this issue to our internal product backlog as AUTOTOOL-3503. In order to prioritize and understand the issue better, please reach out to us at [email protected]

sunitharonan Oct 06 '22 14:10

Thanks for contacting the PM. Added to the next sprint. Will provide an update once assigned.

mdditt2000 Oct 11 '22 04:10

Unfortunately, there are still several BIG-IP bugs that prevent AS3 from configuring address lists and port lists. We cannot provide a robust user experience for this feature until the following bugs are resolved:

931797 872981 934133

sunitharonan Oct 20 '22 18:10