Skip to main content

F5002 - F5 BIG-IP Authorization Failed

Agent error code #F5002 indicates that the F5 BIG-IP accepted the credentials but the user's role does not have permission to perform the requested operation on the data-group. The device returned HTTP 403 Forbidden.

This is distinct from authentication failures (#F5001), where the username or password itself was rejected.

Common causes include:

  • The service account has a read-only role (e.g. Guest or Operator) but the agent needs to modify the data-group
  • The account's role is scoped to a partition other than the one holding the data-group
  • The account is restricted to a specific partition/route-domain that excludes the target

Steps to Resolve

Grant the Account a Sufficient Role

  1. In the BIG-IP Configuration utility, go to System > Users > User List and open the service account
  2. Assign a role that can modify LTM data-groups in the target partition. Manager on the relevant partition is sufficient; Administrator also works
  3. Confirm the account's partition access includes the partition configured in the Knocknoc backend (default Common)

Confirm the Partition in Knocknoc

  1. In the Knocknoc backend configuration, confirm the Partition matches where the data-group actually lives
  2. Save and retry

Still Having Issues?

We can help you out, contact us at [email protected].