Redirection and passing the original URL to backend server in netscaler


We have recently got a new use case for the netscaler redirection. The aim was to redirect the request and at the same time passing the original request from netscaler to the backend servers. I searched a lot and could not find very clear instructions and so thought of writing one myself.

So in this step-by-step guide, the end users will be calling http://netscaler-ip/test/index.html and they will be redirected to the backend servers at http://backend-server/dump/index.html. Besides this the backend server would also be passed the original URL which the end user is calling. In our case this is http://netscaler-ip/test/index.html.  Please note that normally the backend servers will not get the url called by end-users but instead the url which is being called by netscaler.


Assuming the server, services, Virtual Server and Content Switching Virtual server(if required) is already configured. So you are able to call the http://backend-server/test/index.html by calling http://netscaler-ip/test/index.html

So the first step is to configure the redirection policy.


Netscaler policies
Netscaler policies

Create a redirection policy as shown below :

redirection policy using netscaler rewrite
redirection policy

Also create the corresponding rewrite action :



Here in the above rewrite action, we wanted to replace “test” with the “dump” in the URL. The last part is to attach this policy to our virtual server. So now whenever the http://netscaler-ip/test/index.html will be called, it will be redirected to http://backend-server/dump/index.html.

However this only achieves 50% of our goal. So if we would check the apache logfiles in the backend server, it will look as follow :

Apache access logfiles

So in the apache logfiles, one can only see the URL which the netscaler is calling but not the original URL which the end user has called.

In order to achieve the rest half of the goal, I created another policy as shown below :


Important is the corresponding action for this policy and as the name suggest, here we are doing insert header :



As you can see in the above snip, the type is INSERT_HTTP_HEADER and HTTP.REQ.HOSTNAME + HTTP.REQ.URL.PATH_AND_QUERY is used to create the original URL. Also do not foget to check the “Bypass safety check” option.

In the end, you have to attach this policy as well to the virtual server. But make suer that the policy inserting header with original request has a lower priority so that it gets executed before the redirection actually happens.

policy bind to vs

Now it is time to test again and you can see that the original URL can be seen in the apache logs.


One open question is if this goal can be achieved without bypassing safety check in rewrite action for the insert header option.

Any better approach of feedback is welcome.


Setting up F5 BIG IP lab at home

Since few days, I have been trying to set up F5 BIG IP lab at home to practise for the F5 BIG IP LTM specialist exam 301a. Yes, you guessed it right,  I have already completed my F5 BIG IP 101 and 201 by referencing some books, study guide at F5 website and some practical exposure from my office.

But, now I think it is a good idea to set up a lab at home which I can switch on/off anytime and twist the settings. So here is how my journey begins with setting up of lab at home.

I started with my so-called new HP laptop(7 years old) and damn, it is 32 bit. F5 Big IP needs 64 bit OS. So either I should buy a new one or look out for the alternatives. I then tested couple of more laptops including one from my office and all were 32bit.

I then thought of buying a lab in cloud or practicing using AWS. Though the rates looks really cheap like 0.4$ per minutes but most liekly buying a new laptop would be cheaper and a better investment.

So I finally got a new high end acer v15 laptop with windows 10 64 Bit and 16GB RAM. Fully excited, I downloaded the trial version from F5 site and imported in oracle Virtual box. Only for your information, oracle virtual box is also an open source free software.

The F5 version which I downloaded is 11.3 and my oracle virtual box version is 5.1.

There was no error while importing the F5 BIG IP ovf file but when starting this machine, it would simply hangs on “GRUB Loading stage2..”.

After doing some research on google, I found the post where the solution is mentioned as activating the com port. I did that and it worked. So fianlly I can boot my F5 BIG IP virtual device and can access it from webinterface and from command line.

Now in order to complete the lab, I looked for a very lightwieght distro where I can run my web servers. I found damnsmall linux box as one of the best option. The image is just about 50Mb and takes less than a minute to boot. It has monkey webserver in it. So for the initial lab, you really do not need to do anything more.




F5 BIG IP – 201 exam – TMOS administration (Tips and tricks)

Yesterday, I cleared my F5 BIG IP 201 exam and am now a F5 BIG IP certified administrator.

Honestly, the f5 certification is very different than the other vendors exam. It is not easy, there are no books in market but once you cross the river, you would feel proud of yourself.

If you need the tips and tricks for F5 BIG IP 101 exam Application delivery fundamentals, refer to my other blog F5 BIG IP – 101 Exam Application delivery fundamentals

Below are some tips and tricks required to crack this F5 BIG IP 201 exam (TMOS administration)  :

  1. Stop searching for book on the internet. I tried a lot but could not find one single book which covers all the topics of 201 exam.
  2. Refer the F5 BIG IP 201 – study guide for preparation. Do not forget to go through the links given in this guide. This is the only and main material which covers most of the part of this exam.
  3. Videos at CBT nuggets can help to speed up your learning the F5 LTM product. But just watching the videos and doing tutorial in the lab may not be sufficient to pass this exam.
  4. Do you know what is BIG-IQ ? If not, read it. There were 2-3 questions on it. Do not leave any topic assuming it to be not important.
  5. Get used to seeing the network map screen, nodes, pool or pool member screen. There are several questions with the snapshot taken from these screen.
  6. Understand the status symbols and when will the node/pool member etc will get the traffic or not.
  7. Try the backup and restore command multiple times via the command line so that you know the syntax.
  8.  About 3-4 questions were based on priority and ratio in virtual servers. So it is important to understand the division of load with priority and ration set.
  9. Few questions will have log files snippets. Fortunately the information in the logfiles snippets are not difficult to interpret. The options given in such questions are very easy. So it is quite simple to get to the right answer.
  10. Read about the priority and what you will be providing to the F5 support. For example, if you are suspecting some hardware failure, you would give the F5 EUD log files. If you created a new virtual server and it is not passing the traffic, this should be opened as priority 3 incident case with the F5 BIG IP. I hope this will give hint as what kind of questions to expect 😉
  11. There are good number of questions on HA sync issue or software updates.
  12. Which port is required to fetch the logs from the mgmt GUI by the admin ?? Oops such tricky questions may appear where you have to use logic at that moment only.
  13. Tick tick tick….watch out the time. You may run out of it. There are some questions with story in it and many questions with the screenshots. Such question can eat your time. If you stuck, move ahead.

I hope the above tips and tricks may help. Unlike F5 101 exam, in the 201 exam, it is quite simple to rule out the wrong options. So if you can get to the right answer by just reading the question, try removing the worng answer.

All the very best for the exam and would love to hear the feedback from you 🙂


Update 27 Jan 2017 : Here are the tips from Avi. Thanks Avi for sharing

order of virtual servers
port used for GUI
priority and ration based algorithm
where does system error files get saved.
when to provide EUD.


Update 27Feb 2017 : Below are the tips from NG. Thanks NG for sharing

  • there are total two guides – StudyGuide_201_TMOS_OfficialF5 and Certification_Study_Guide_201_v2
  • go through all links in both guides. which are mostly Ask5 and some Devcentral… they have very good information from both exam and knowledge point of view
  • hands-on practice is very helpful
  • questions on VS selection with order of preference
  • Pool member status, which pool member will be selected..timeout,2-3 IQ questions,Analytics,Cookie persistence…VS types,monitors and their settings,load balancing…
  • keep watch on time and if question is more descriptive then mark and go to next question and do this in last


Update 20 May 2017 : Below tips are shared by Ed. Thanks a lot for sharing as I am sure it would be helpful for other.

– Get used to reading the configurations in text mode as well, some question will show you a fragment of the config (in text) and ask based on that
– Make sure to understand the difference between status of a node and pool member. For example what happens if pool member reports status OK and node monitor down. Practice all the possible combinations in your own lab
– if a fan speed is slow where the log is reported? /var/log/messages is not an option 🙂
– Watch the BIG-IQ video on F5 University (under v11 Overview Modules > Getting Started with F5 Products). It will give you a great summary of what you need for the exam in less than 30 minutes
– Understand user roles and what permissions have each of these.
– make sure to understand when to use troubleshooting tools such as ping, netstat, curl, etc. sounds simple, but in some questions you might thing in two possible answers, you need to thing the BEST.
– tcpdump, they will describe scenarios and you need to understand where is the best interface/vlan to run this tool
– Assuming there is a UCS locally stored, from what directories the bigip.conf can be pulled (Think of two options)
– Test and read port lockdown and how to give admin access to a self IP
– Get used to common default settings. Some questions say “assuming default settings…”
– Study Guide is not enough… Go through the links and have additional reading.
– few questions (for not saying none) of iRules and SSL Profiles, actually these are not part of the blue print
– Good number of questions of clustering (SYNC, configuration groups, etc) make sure to read “Managing Configuration Synchronization” in the clustering guide
– All the topics for the exam are on the Study guide, do not spend time searching for exam dumps or additional non-F5 material


Update 24 July 2017 : Below tips are shared by Ramesh :

  • If you have F5 Partner account, then please go through all the LTM video trainings, practice Vlab, study all Veritable Networks links.
  • Practice in Vlab( how to create user account in cli, curl command, tcpdump, nslookup, dig, how to analyze network map, dashboard gauge statistics output?, how to generate qkview file in cli, how to upload and save ucs files).

Update 11 Apr 2018 : Below tips are shared by Vmal :

  • Read about SNAT, Address and port translation options on VS configuration(understand when to use and what is correct way to use this )
  •  logs of power failure will be saved in /var/log/ltm or /var/log/sys or /etc
  • couple of questions on health monitor (ex half tcp-open) playing with advanced configuration options on these monitors
  • understand when to use server SSL and client SSL. especially error clients may get when using or not using server SSL
  • order of Packet processing on F5(self ip ,VIP,NAT etc)
  • packet filter rules vs multiple VS address selection priority in scenario questions
  •  how should EUD file should be taken out of a production device when F5 case is opened
  • multiple scenario based issues when virtual server options are incorrectly or correctly configured like SNAT, all vlan & tunnel options , address & port translation ,fastl4,auto last hop
  • persistence mask required in certain scenario
  • Failover and software upgrade scenario
  • different type of scenario questions on vlan ,self ip and interface in respect to production environment and how it effects client return traffic
  • compression offloading from server
  •  node vs member load balancing method under certain situation#
  • logs snippet which contains TMM,HA etc
  • resource provisioning along with licensing (one question)
  • user role and learn few tmsh commands for user creation and UCS

Learn the basics from available study guide and have hand on experience or atleast go through each configuration items in VS,monitor and other ltm configuration items and how it affects traffic when enabled or disabled.

Time is the real problem. Almost all question we need to spend time in thinking and understanding the scenario . So knowing each & every aspect of LTM or f5 configuration can go a long way.

F5 BIG IP – 101 Exam Application delivery fundamentals (Tips and tricks)


Here I come up with one another section of tips and tricks to pass the F5 BIG IP 101 Exam (Application delivery fundamentals) based on my own experience and the blogs I read on the internet :

  1. Most of the paper of 101 is based on networking fundamentals and is not easy like other vendors networking exam.
  2. One really need to understand the TCP/IP concepts. I remember one of the question from my exam asking the first packet number in TCP connection or how the source MAC address will be changed when packets transfers from point A to point B.
  3. Questions are story based where you are provided with a scenario and then you have to answer it.
  4. Since I was from the linux background with not much knowledge about networking, I read Applications delivery network by Philip and Steven and would highly recommend it.
  5. Also the study guide on F5 website is highly recommended. But do not just read this guide, also read in details or follow the links provided in this guide.
  6. The other resource which is helpful is CBT nuggets videos. Watching these videos can help to get speed up with learning BIG IP but they are not sufficient to pass this exam.
  7. During the exam, have a look at the clock. The time may tick away fast unlike other vendor exams where one has plenty of time.

All the very best for your exam and if you are still scared….remember, if you know the basics of networking, you will be through in this exam 🙂

I would love to hear the feedback from you and if you have any new tips for this exam. It would be very nice if you can share the exams topic after appearing in it. This may help other candidates.  🙂

I would not like to create dumps for the exam but just some help to our fellow friends. I will keep updating the below part as and when I will get new feedback from other exam taker.

Update : 02 July 2016 – Here are some more important topics from Jose for the exam.

unsecure sslv3 tls 2 sslv2
flow on osi when sender
ethernet on what layer is 1-2 or 2-3
advantages between virtual and hardware
advantage of active/ standby

Update : 26 July 2016 – Here are some more important topics from David for the exam.

ipv6 correct address
ipv6 eq
mss , where is defined (syn-syn/ack-ack)
ftp active and passive
3 method for authentication (ex. ldap)
ldap syntax
dns syntax
http keep-alive is used for?


Update : 05  Oct 2016 –  Here are some additional questions shared by Michal

  • In what scenario full proxy is required
  • Exibit where u had ( client ->proxy->LB->server ) and question was Why LB is there??  ( and answer was “because its closest to server” , “because it can forward traffic” and 2 more answers which i dont remeber .
  • AAA what for the 3rd A is standing for .
  • Admin have site under address and there is need to implement same site under new IP X X X X but first what you need to do is test it if its working . What will you do :  change something in DNS server , change local file on server +3 more answers .
  • Flow of osi when sender – when client A is sending packet to B how it will look on OSI  – layer from1 to 7 or from 7 to 1 .
  • There was one question about TCP dump output something like that : > >
who will reply next  ( but note that there were flags etc i dont remember now ). So in short, you should be able to read TCP dump output
  • Output from trap snmp : –  -(something like that )
And question what is client what is server .
  • Question where admin used some ip X.X.X.X/28  and something didnt work  answer was easy he used broadcast ip from subnet


Update : 07 Aug 2017 – Here are some tips shared by Smith

  • OSI Model ( which layer do you use in a particular situation)
  • Irules iapps icontrol isessions, about this we have a lot of questions
  • Modules (APM, AFM, LTM, GTM) advantages , and how it work each module
  • mac masquerade
  • Full half proxies in a particular situation( Which would you use)
  • protocol SOAP how it works ( the correct answers was XML, HTTP)
  • subnetting one question
  • ipv6 2 questions (localhost, and correct ipv6)
  • VLANS broadcast domain in a particular situation
  • ARP is used for?
  • Questions about security models (positive and negative)
  • High avabaility
  • HA Active/ stanby advantages
  • encryption
  • MSS
  • ipsec/ssl
  • three way handshake, what is the last packet ? And we have to select FIN
    the process of checksum in tcp
  • FTP active passive
  • smtp
  • LDAP attributes
  • how can analyze and interpretation the packet capture examples
  • Packet forwarding
  • How many minimum connections are there in one ftp session?
    HTTP keepalive (header)

Update : 11 Sep 2017 – Here are some tips shared by Baccari

*loopback @ in IPv6
*vCMP used in which f5 platforme (all f5 device or same f5 device or …)
*emailing protocol : SMTP / POPv3
*what is the first sequence number in 3-way-handshk
*protocol that minimize latency over reliability —> udp
*ldap syntax —> DN: CN=exemple, OU=exemple2, DC=exemple3 …
*Means of DN in ldap query : –> simple path name
*which provide AAA —> APM
*Model of security can implement rapidly —> negative
*model F5 work at layer 3 and 4 —> AFM
*How reciever verify non-repuduation : —> public-key
*mac masqurade provide: —> minimize arp communication and drop packet
*.com :—> top level
*MSS value in : SYN/ACK
*Third A in AAA —>
*Protect application from sql injection :—> ASM
*when sender data folow :—-> apllication to physi
*advandge of Active -Active % active – standby
*choose which protocol is link state
*when use full proxy (4-6 question about this)
*tcpdump of SNMP —-> source @ is client , dest @ is server
*Which address in data link layer redirect data —-> MAC
*Protocol that resolve IPv6 @ to IP @ :—-> NDP
*where admin used some ip X.X.X.X/28 and something didnt work answer was easy he used broadcast ip from subnet
* Which method used to verify if server support POST method —> trace
*YOU NEED TO KNOW THE CODE IN HTTP RESPONSE ( there is 2 or 3 questions i remember 302 and 401)
* Other questions about tcpdump who send ACK
*Module provide AAA —> APM
*Advandge of VE % hardware

Update: 09 Oct 2017 -Here are some tips shared by  nalaakanono

  • how was the tcp sequence number generated?
    * what is the initial tcp sack in tcp 3 way handshake?
    * SSL offloading advantages?
    * persistence methods? (5 questions)
    * in which scenario does full proxy tcp connection required? (5 questions)

Update 02 Jan 2018 – below are some additional tips from Tanu
* which SSL/TLS version is secure
* Ethernet is on which layer – physical+Data
* http 301 error
* Auto sync failover

Update 21 Feb 2018 –  Below are some questions added by F5er.

1-how client test of a specific method is supported — the answer is OPTION
2-exhibit with tcp dump and the questions who should send the sync\ack — the answer is the Client source address in the second line of the dump.
3-Admin discovered new security vulnerability how can he rapidly fix it? choices “icontrol-isession-iRule-iApp”
4-How to restirect http mthod (irule-http profile-ssl profile)
5-SAML provide what function in AAA i don’t remeber the choices but the answer was ” usage measure & authentication )
6-user sends big amount of data to a server but during the process the server sent tcp window size what is the reason choices were somethinf like ( server can’t handle more data, server rest the session and two other chouces but you should choose just one )
7-what could benfit more from compression (http ,peer-to-peer, video,media)
8-traffic passes though the loadblancer from the client to server but the return traffic pass bypass the LB directly from server to client, what proxy archticure is impelemnteed ( full stack proxy, packt-by-packet proxy and other option )
9-what is responsab;e for flow-controll and error correction in Data-link layer (MAC,LLC,…..and other options)
10-what can add more application security layer to SMTP and FTP (LTM,GTM,APM,AFM)
11-traffic is processed by two units and each units is ready to handle all the traffic of the other failed, what type of high availability is implemented (Active-active,active-standby…..other option)
12-new virtual server is implemented and needed to be tested and the old virtual server is still in use, how it should be tested “or something like that” choices were (add ip address to the FQDN, add entery to client host file )
13-a deployment that is fast to get and deploy answer is virtual server
14-what is minimum objects required for loadbalnce(ip address- desstination server address- helath monitor-presistance profile )


Update 11 Apr 2018 : Below tips are from Krish :

Exam questions are Tricky, so recommend you to have good understanding of Layer Technologies.
3. Observed a lot of full-proxy TCP(more than 4 Q’s) scenario questions. So, check what is Full Proxy TCP? How it works?
4. Not observed any True/False questions like the other sites are posting as example questions(Not sure if they were in F5101V1).
Note: I did not see any much importance for practical knowledge. so don’t worry if you do not have good hands-on for this Exam.

-I strictly Finished the Study Guide and revised it a couple more times.
-Last week before Exam, I studied in depth on Topics suggested in this blog.
-Finally, just checked the topics I was not clear with like LACP,LDAP syntax, Mac masquerade, DNS top-host levels etc.

Citrix certified professional – Networking (Tips and tricks)

Here are some of the tips and trick to clear the CCP-N exam based on my and my colleagues experience  :

  1. Download the study guide from citrix website and also download the complete citrix netscalar documentation. I prefer to download it as pdf which will be preety fat of 5000 pages but then you can read it anytime and anywhere. All the questions would be coming from this big PDF and good thing is you can skip lots of topics.
  2. On citrix website, you can also enroll for some free course which will be good if it is your first day with citrix.
  3. If you already have access to citrix netscalar lab in your office, that is good. If not, then simply download the citrix netscalar VPX with 3 months free license and install it on your vmware or ESX. Hands-on is must. You will not be able to clear the exam without some hands-on. You only need a vmware player and a 64 bit laptop.
  4. By reading the documentation, you would be able to do most of the lab exercise without anyone’s assistance but still if you need help, check out at you tube or cbt-nuggets has a very cool start up course in netscalar.
  5. Do not use the brain dumps which many websites offer. The basic idea of taking exam will be lost  and I heard that no question actually appears from these brain dumps.
  6. Most of the questions in exam would be simple. You will be easily able to eliminate the wrong options to reach the right answer.
  7. The time would be more than sufficient in exam.
  8. Most of the questions would be direct without a confusing story in the back ground.
  9. Only about 4-5 questions on CLI commands.

All the very best for your exam and if you are still scared….remember, you can reach the right answer by eliminating the wrong options 🙂

I would love to hear the feedback from you and if you have any new tips for this exam 🙂