Troubleshooting F5 WAF
Issues in Fetch Config
| Error Message | Possible Cause | Possible Solution |
|---|---|---|
| Authentication failed for the device | Invalid credentials specified for the device. | Provide valid credentials for the device. |
| Failed to fetch partitions from the device | Partition fetch failed. |
|
| SSH connection failed | Unable to establish the SSH connection. | Please ensure that the device can be connected via SSH from AppViewX. |
Issues in Discovery
| Error Message | Possible Cause | Possible Solution |
|---|---|---|
| Please provide information as required | Discovery name is not given or length is less than 2 characters. | Enter a valid name with a minimum of 2 characters. |
| Interval between batches info. is missing when execution type is sequential. | Provide a time interval between batches in minutes. | |
| Please select a device | No device is selected in the Discover By section. | Select at least one device to discover certificates from. |
| Authentication failed for the device | Invalid credentials specified for the device. | Provide valid credentials for the device. |
| Failed to fetch partitions from the device | Partition fetch failed. |
|
| SSH connection failed | Unable to establish the SSH connection. | Please ensure that the device can be connected via SSH from AppViewX. |
Issues in CSR Generation
| Error Message | Possible Cause | Possible Solution |
|---|---|---|
| Authentication failed for the device | Invalid credentials specified for the device | Provide valid credentials for the device. |
| SSH connection failed | Unable to establish the SSH connection. | Please ensure that the device can be connected via SSH from AppViewX. |
| CSR Generation using HSM on this device version is not supported. | Version not supported. | Please use the supported version device to create CSR using HSM. Supported versions are v13 and v12. |
|
1) CSR content unavailable in device 2) Requested CSR is not available in device 3) Csr could not be fetched |
CSR content unavailable on device. | For some reasons CSR creation has failed, please check the logs to reproduce. |
| CSR already exists in this scope with the same Key reference name | The name is already used on the device. | Please use a different name. |
| Csr generation is device failed | CSR generation has failed. | CSR generation has failed. Please refer to the associated error message. |
| Thales HSM is not installed in the device. Please install and try again. | Thales is not installed in the device. | Please install Thales HSM and try again. |
| Invalid module. Please specify the valid module and try again. | Invalid module specified. | Specify a valid module and try again. |
| The CSR <name> was not found in the device. | CSR content is not available in the name specified. | Please check the name in the CA connector. |
| NetHSM private key is not available/installed in device | NetHSM private key is not available/installed in the device. | Please install NetHSM private key on the device. |
Issues in F5 WAF Backup, Push, Bind, and Rollback
| Error Message | Possible Cause | Possible Solution |
|---|---|---|
| Unable to initiate request. | Pushing to device when certificate is unavailable, i.e, in a new state. | Push to device after certificate has been retrieved from CA. |
| Previous work order is in progress and not completed. | Initiate push after previous work order is finished. | |
| AppConnector might not be in sync. | Synchronize the appConnector and retry. | |
| Unable to initiate request, template is in disabled state | Given workflow is not in enabled state. | Enable the push/rollback workflow from the Workflow section. |
| User is not authorized | User does not have required permissions to push to the device. | Retry after getting the access for required action. |
| Application connector(s) not found | Application connector info was not found. | Provide the correct connectorId if not pushing using AppViewX UI. |
| Request associated with the application connector is in progress | Previous work order is in progress and not completed. | Initiate this request after the previous work order is finished. |
| Push not triggered or succeeded or No existing data available for backup process. | Rollback couldn’t proceed because push was not successful. | Only successfully pushed certificates can be rolled back. |
| Certificate not found. | Pushing to device when certificate is unavailable, i.e, in a new state. | Push to device after certificate has been retrieved from CA. |
| Authentication failed for the device | Invalid credentials specified for the device. | Provide valid credentials for the device. |
| SSH connection failed | Unable to establish the SSH connection. | Please ensure that the device can be connected via SSH from AppViewX. |
| Invalid profile type | Specified profile type is not supported. | Please use client-SSL or server-SSL. |
| Certificate fetch failed | Certificate fetch failed. | Check the error message associated to know more about the problem. |
| Certificate already exists | Certificate is already available with the same. | Either change the name or enable overwrite in the application connector. |
| Key already exists | Key is already available with the same. | Either change the name of the key or enable overwrite in the application connector. |
| Certificate is expired | Certificate is expired. | Push the certificate which is currently valid. |
| Unknown certificate algorithm | Unknown certificate algorithm. | Push the certificates only with RSA or EC. |
| certificate is not yet valid | Certificate valid from value is greater than the current time. | Only valid certificates only can be pushed. |
