For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SDurborow_19830's avatar
SDurborow_19830
Icon for Nimbostratus rankNimbostratus
Feb 09, 2017

Cannot Retrieve Application WSDL When Connecting Through LTM

I’m a relative novice when it comes to the in’s and out’s of the LTM.

 

I have a business partner who needs me to host an Internet-facing Web server which connects to a backend application server. I’m running a STANDARD virtual server, using only HTTPS as the service port, and performing SSL off-loading.

 

The developers are telling me that when they hit the Web server through the LTM, they cannot retrieve the WSDL. However, when hitting the Web server directly, the WSDL can be retrieved. They are suggesting that the LTM is blocking/dropping access to the WSDL.

 

Can someone point me in a direction that may rectify this issue?

 

Thanks.

 

application delivery
LTM

9 Replies

  • Kai_M__48813's avatar
    Kai_M__48813
    Icon for Cirrus rankCirrus
    Feb 09, 2017

    can you check the following:

     

    under local traffic - virtual servers, check the following:

     

    -there is a http profile attached -snat is set to automap

     

    also, make sure that necessary routing is in place, under Network - routing

     

  • SDurborow_19830's avatar
    SDurborow_19830
    Icon for Nimbostratus rankNimbostratus
    Feb 09, 2017

    Thanks for the quick reply!

     

    • I do not have an HTTP profile configured for the VS
    • SNAT is set to Auto Map

    Using 'netstat -r', the routes are present to get to the destination network where the application lives.

     

  • SDurborow_19830's avatar
    SDurborow_19830
    Icon for Nimbostratus rankNimbostratus
    Feb 09, 2017

    Thanks for the suggestion.

     

    I updated the VS with the default HTTP profile but the results are still the same.

     

  • Kai_M__48813's avatar
    Kai_M__48813
    Icon for Cirrus rankCirrus
    Feb 09, 2017

    if you switch to advanced configuration on your virtual server, can you make sure that port translation and and address translation is ticked off?

     

    also, make sure you have attached a valid certificate to the virtual server, and created a ssl client profile

     

  • SDurborow_19830's avatar
    SDurborow_19830
    Icon for Nimbostratus rankNimbostratus
    Feb 09, 2017

    I was just looking at that and, yes -- they are both selected "on" within the VS configuration.

     

  • Kai_M__48813's avatar
    Kai_M__48813
    Icon for Cirrus rankCirrus
    Feb 09, 2017

    good...and have you imported the certificate and attached it to a ssl client profile in the virtual server?

     

  • SDurborow_19830's avatar
    SDurborow_19830
    Icon for Nimbostratus rankNimbostratus
    Feb 09, 2017

    Yes. We use a domain wildcard certificate for most of our external-facing services. We're not having issues accessing the front end Web services behind the LTM -- just retrieving the WSDL.

     

    Thanks again for all your suggestions. :)

     

  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Feb 09, 2017

    Use a software to capture the HTTP traffic, like httpwatch or fiddler. Check what is the behavior when going directly to the server, and when going via the F5.

     

    The request for the WSDL should point to the F5, with the same IP and Port, otherwise that traffic will not be handled by the F5.