Connection Mirroring & Virus Detection

Hi Nik,

 

 

1) Is connection mirroring is related to SSL session state on failover? If not then whats the difference? (please also feel free to provide link giving relevent details.)

 

 

When enabled on a virtual server, connection mirroring triggers mirroring of the connection table entry and updates to it. So the client would be able to resume their existing TCP connection. Connection mirroring does not mirror the SSL session cache. So if a failover occurs, the client will need to re-initiate an SSL handshake.

 

 

We are tracking a request for enhancement to support SSL session cache mirroring. You can open a case with F5 Support to raise the visibility of this feature request.

 

 

2) Consider policy-->Blocking on for virus detected checkbox.

 

 

This is for ASM. If the policy check is in blocking mode and a violation occurs, the blocking response will be taken.

 

 

Aaron