F5 dump -i any -vvv

Just a bunch of F5 nuggets

F5 Brain Dump

A collection of F5 notes from things been studying or have consulted on

Security Advisory CVE-2020-5902

The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. (CVE-2020-5902)


This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the Configuration utility, through the BIG-IP management port and/or self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected.

CVE-2020-5902 IoC Detection Tool

Change fail-over timeouts

I've found this is very usefull in cloud envirment as these may not be as stable as private networks.

Changing the failover.nettimeoutsec database value

You can change the failover.nettimeoutsec database value from the default of three seconds to a new value. To do so, perform the following procedure:

Impact of procedure: Changing the failover.nettimeoutsec to a value that is less than the default of three seconds may unnecessarily increase failover events. Conversely, changing the variable to a value that is too high may delay actual failover events.

Log in to the TMOS Shell (tmsh) by typing the following command:


Modify thendatabase key by using the following command syntax, where <new_value> is the desired value (between 1 and 120 seconds):

modify /sys db failover.nettimeoutsec value <new_value>

For example, to set the failover.nettimeoutsec value to 5 seconds, type the following command:

modify /sys db failover.nettimeoutsec value 5

Save the change by typing the following command:

save /sys config