Kemp Support

@robertpye Hello. Yes, it is working, just tested this myself and checked with the team. Is it getting blocked by either a personal spam filter or a company spam filter? We see that pretty often.

@KempSupport I am trying to create a kemp id but am not getting the email verification to register. I have tried three email addresses now!! Can someone please check your outbound SMTP servers are forwarding?

@richardhicks That particular cipher is part of the TLS 1.3 set. 1.3 ciphers cannot be added or deleted via a custom cipher set on the LoadMaster. They are always there if TLS 1.3 is turned on.

Hey @KempSupport! Why when I have configured only two ciphers are there more being offered during the handshake?

@richardhicks Correct you cannot remove any of those 3 ciphers from any cipher set if TLS 1.3 is enabled. They may be different though. With 1.2 enabled only, and that cipher only I get cipher suite 0x009d, 1.3 on, I get cipher 0x1302. This is taken from that link earlier.

@richardhicks You could disable TLS 1.3. That cipher you chosen is the RSA version in this link. testssl.sh/openssl-iana.m…. While they look exactly the same, they are not. The one you have configured is TLS_RSA_WITH_AES_256_GCM_SHA384, which should work once TLS 1.3 is disabled.

@richardhicks TLS1.3 ciphers are independent of the cipher sets. TLS 1.3 ciphers are not configurable. The reason is because there are no 'bad' 1.3 ciphers. If you run the same test without TLS 1.3 enabled, those should go away on that scan.

@rj07thomas It could have been an outstanding bug. Hard to say without diving into it. We recently just released our new LTS firmware of 48.3 which going forward is going to be our stable release.

@KempTech @Kemp_DE @KempSupport just wanted to say thanks for the support content available on your site - had a server issuing websites for different domains, now working but couldn't have got here without the various how-to's available on your site!

@rj07thomas Glad to hear it! Always great to hear positive feedback.

@rj07thomas Hi. Our password change needs to use forms based client side auth when using ESP, typically via OWA. When the LoadMaster talks to the AD, it is done through ESP. Are you only using Outlook now?

@KempSupport hi, is there any way of using a Kemp loadmaster to perform AD passsword changing by itself? I.e. without backing off to sthg like Exchange? We've shut OWA down as it's no longer needed, but this has taken the password change form with it!

@derkiely @JWilkers89 Great. I see it. Let me review this and work with the original CS agent.

@JWilkers89 @KempTech Hi Justin, thanks for reaching out. I would love to get some more insight in relation to your environment and traffic patterns so we can assess your findings. Have you a ticket open with @KempSupport by any chance?

@KempTech It's very clear that HTTP/2 is a performance degradation through your max VLM. What's the issue?

@derkiely @JWilkers89 Hi Justin. I suggest opening up a case by calling into our support line +1 844-439-5367; by opening up a ticket via email support@kemp.ax or visiting our support site support.kemptechnologies.com/hc/en-us, log in to create a ticket. From here we can investigate further.

@wandersick Hi. When I say backup, I mean your current configuration on the LoadMaster. This would be much better suited with a ticket as it may require troubleshooting. Please open up a ticket via the link. support.kemptechnologies.com/hc/en-us.

@wandersick Hi. Unfortunately that sounds like a generic error and we would also need to look at your backup. I would suggest opening up a ticket via this link support.kemptechnologies.com/hc/en-us. Here we can assist further and more appropriately.

@KempTech Hi @6vis_pacem. If you feel like you and many other customers would benefit I would urge to make a request to our ideas portal. So you and other customers can see this and vote on it. ideas.kemp.ax

@6vis_pacem @KempSupport will help you out with this!

@KempTech is there any documentation to integrate and map Big IP logs into a SIEM like #QRadar ? I have seen several requests but no document nor connector.

@KempTech Hi @6vis_pacem. Did you need help with your LoadMaster connecting to QRadar? If so, I would suggest opening up a ticket so someone from support can assist. support.kemptechnologies.com/hc/en-us/artic…

@wandersick Sorry for the late response. No, unfortunately there is not a way to log that header or any other header. If this is something you want, I would suggest putting in a feature request at this link. ideas.kemp.ax

@wandersick Our ESP feature set can be used to log a clientIP in the connection logs or send them to a syslog server. This will depend on the virtual service config. Check out tinyurl.com/tbb3la9 for more info. Give our support team and email if you need further assistance.

@wandersick Thanks for reaching out. ESP supports Forms base Authentication for OWA. We have this set by default in our new templates. Check out bit.ly/2TghF9u for the log off string config and bit.ly/2VBMBmh for templates.

@wandersick While possible, multi health checks are not common and currently we don't have a KB. A KB is a great idea and I'll suggest it internally. We do have info around the features in our WUI guide. support.kemptechnologies.com/hc/en-us/artic… Our support team would be happy to assist further.

@wandersick Yes, it's possible to have multiple health checks to single real server. A combination of sub virtual services and our Enhanced Options under Real Servers should help you achieve this. Our support team would be happy to provide further assistance if required.

@wandersick Good morning. Our HA is Active-Standby. We do have a clustering solution where minimum of three LoadMasters are required and our GEO feature can be leveraged for active/active. contact emeasupport@kemptechnologies.com for further details.