Forum Discussion
CirrostratusCheck request flow in Virtual server
I have created VS with pool but i'm not able too access website,how to check the flow of my request from client until WAF to see where it's stopped !
in waf local logs i can see warning :SSL Handshake failed for TCP
5 Replies
Dario_GarridoNoctilucent
Hello THE_BLUE
SSL Handshake errors occur before than the WAF protection, and they should be troubleshooted separately.
I recommend you to check this article:
https://support.f5.com/csp/article/K15292
Ahmed_GalalHello,
you can also capture the traffic on F5 using tcpdump tool to see what cause the issue in TLS communication.
tcpdump -vi (VLAN) host (client IP) -w /var/tmp/(name).pcap
then collect capture file using SCP tool
check this article to know more about tcpdump
- THE_BLUE
The case is , i have 2 virtual server with different public ip and same custom port . the first VS working fine , the second one not working and i receve Connection error: ssl_codec_rx:2320: alert(48) received alert.
note that, i'm using the same certificate in both VS . if i change the pool the VS working fine. and if i try to access the pool directly it's working fine too.
- Dario_Garrido
Hello THE_BLUE,
It doesn't matter that some other pool work fine. The SSL error is with this specific server.
Note that the error is "alert(48) received alert", that means that an alert SSL packet was received from the far end, most probably from the backend server.
Maybe this server has a specific cipher configured that breaks the SSL Handshake during the establishment.
The point is that you should first know in which moment of the communication the alert is received and after that analyze which the error could be.
You can also use openssl command to test that server using SSL in order to diagnose which error could have.
Everything I'm explaining here is mentioned in the article I provided above. Please, take some time to check it out and let us know if it is helpful.
- Dario_Garrido
