Forum Discussion
Nimbostratuscant access ip address using web browser
NimbostratusHello Rhiyadi,
Is your traffic arrive to your VS ? isn't blocked by a FW ? You can check on VS statistics to know if the traffic reach the VS. If the traffic arrive on your VS, maybe there's config error (like client ssl profile / server ssl profile / snat / pool assigned).
NimbostratusRhiyadi,
First let explain your setup and what you want to achieve.
You configured a VS listening on an IP x and on port 443. On this VS you configured a pool, on which port are listening pool members ? (so your server are configured to respond on port 80 or 443) ? So based on the setup you have and what you want to do you can do multiple configuration.
If you servers are listening on port 443; Do you want to do SSL bridging or SSL passthrough ? (bridging means that you want to encrypt / decrypt traffic between F5 and client and the re-encrypt traffic to server, passthrough mean you let your server negotiate SSL to the client). If you want bridging you need to configure HTTP / SSL Client / SSL server profile If you want passthrough you need to remove HTTP / SSL Client / SSL Server profile.
If your servers are listening on port 443; You have to configure your VS for SSL offloading and so configure SSL Client Profile AND HTTP Profile.
Now from a network perspective, is your F5 the default gateway of your servers ? If no : configure SNAT (you can choose Automap or create a specific SNAT Pool) If yes: SNAT not needed.
Could you please provide us a tcpdump ? Connect on CLI and type : tcpdump -nni 0.0:p host and port 443
Rgds, FX
