F5002 - F5 BIG-IP Authorization Failed
Agent error code #F5002 indicates that the F5 BIG-IP accepted the credentials but the user's role does not have permission to perform the requested operation on the data-group. The device returned HTTP 403 Forbidden.
This is distinct from authentication failures (#F5001), where the username or password itself was rejected.
Common causes include:
- The service account has a read-only role (e.g. Guest or Operator) but the agent needs to modify the data-group
- The account's role is scoped to a partition other than the one holding the data-group
- The account is restricted to a specific partition/route-domain that excludes the target
Steps to Resolve
Grant the Account a Sufficient Role
- In the BIG-IP Configuration utility, go to System > Users > User List and open the service account
- Assign a role that can modify LTM data-groups in the target partition. Manager on the relevant partition is sufficient; Administrator also works
- Confirm the account's partition access includes the partition configured in the Knocknoc backend (default Common)
Confirm the Partition in Knocknoc
- In the Knocknoc backend configuration, confirm the Partition matches where the data-group actually lives
- Save and retry
Still Having Issues?
We can help you out, contact us at [email protected].