All Apps and Add-ons

Splunk Add-on for F5 BIG-IP: error message -- "Fail to set active folder as partition '/Common'"

manderson7
Contributor

Fail to set active folder as partition "/Common". How to open port 443?

I'm receiving this error message when I enable the F5 task in the add-on. As far as I can tell the server information is configured correctly, and I'm using the same account as what's set on the F5 itself for me. One of the answers Fail to set active folder as partition "/Common" for Template had an answer that said to open port 443, but it, and the documentation fail to mention where to open said port. I can telnet to the F5 from my heavy forwarder on port 443, but 443 isn't running in Splunk, nor is it allowed, as I'm running as the splunk user and not root, per best practices. Could someone please explain what to do here? Thank you.

0 Karma
1 Solution

sherm77
Path Finder

@manderson7 - the answer is in the docs, I missed it as we put in firewall requests for all of the ports necessary, but just found it. Maybe it will be of some help to you.

In the troubleshooting page for the F5 Big-IP addon, you see this:

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Troubleshooting

"Destination unreachable" errors

Ensure that you have opened port 443 in your firewall to enable F5 BIG-IP to communicate with the iControl API over SSL.

The above troubleshooting docs are vague and need to be updated to say something like it says on a previous page (take notice of where it says the collection takes place):

The Splunk Add-on for F5 BIG-IP *collects* performance data (system settings, server performance, and traffic statistics data) for F5 BIG-IP servers from iControl APIs over the network using a modular input. You can configure this input using Splunk Web on your heavy forwarder.

  1. On the machine running your heavy forwarder, open port 443 to allow communication with F5 BIG-IP.

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Configureinputs

So, in summary, you have to open port 443 on the heavy forwarder as the source (the one doing the polling) to the F5.

A side note: In order to send the iApp info, you have to configure the HTTP Event Collector (HEC), create a token and put that token in the F5 - port 8088 will be opened on the heavy forwarder, so you'll have to have that port opened from the F5 to the heavy forwarder.

https://www.f5.com/pdf/deployment-guides/f5-analytics-dg.pdf

View solution in original post

0 Karma

sherm77
Path Finder

@manderson7 - the answer is in the docs, I missed it as we put in firewall requests for all of the ports necessary, but just found it. Maybe it will be of some help to you.

In the troubleshooting page for the F5 Big-IP addon, you see this:

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Troubleshooting

"Destination unreachable" errors

Ensure that you have opened port 443 in your firewall to enable F5 BIG-IP to communicate with the iControl API over SSL.

The above troubleshooting docs are vague and need to be updated to say something like it says on a previous page (take notice of where it says the collection takes place):

The Splunk Add-on for F5 BIG-IP *collects* performance data (system settings, server performance, and traffic statistics data) for F5 BIG-IP servers from iControl APIs over the network using a modular input. You can configure this input using Splunk Web on your heavy forwarder.

  1. On the machine running your heavy forwarder, open port 443 to allow communication with F5 BIG-IP.

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Configureinputs

So, in summary, you have to open port 443 on the heavy forwarder as the source (the one doing the polling) to the F5.

A side note: In order to send the iApp info, you have to configure the HTTP Event Collector (HEC), create a token and put that token in the F5 - port 8088 will be opened on the heavy forwarder, so you'll have to have that port opened from the F5 to the heavy forwarder.

https://www.f5.com/pdf/deployment-guides/f5-analytics-dg.pdf

0 Karma

pgadhari
Builder

@sherm77 and @manderson7 - So did you opened the port 443 on heavy forwarder, what is the process you followed on enabling that port ? Did you open the port in "Data inputs" ==> TCP ==> added a new port 443 in listen mode ? please explain ? I am also getting the same errors above, when I am configuring the F5 add-on in my setup ?

0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...