For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Jun 12, 2018

Converting iRules to LTM Policies

Hi,

I know the rule that if you can do it in the GUI, you should before writing an iRule as it's a bit more optimized. So, I'm starting to look to covert some iRules over to LTM policies. We do set a lot of variables within our iRules and for troubleshooting purposes, we write to log local. I see the "Set variable" option within the Policy rule but I'm not able to get it written to the log. I'm trying to convert this iRule to a policy. Any help is greatly appreciated!

when CLIENTSSL_CLIENTHELLO {

set userip [IP::client_addr]
set ssl_version [SSL::cipher name]
set ssl_protocol [SSL::cipher version]

if {$ssl_protocol == "TLSv1"} {

    log local0. "Warning:  $userip - $ssl_version - $ssl_protocol"

}

}

application delivery
iRules
LTM

1 Reply

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jun 12, 2018

    It seems CLIENTSSL_CLIENTHELLO (policy is ssl client hello) event is not available when the condition is 

    ClientSSL protocol is TLSv1

    but you can use following log message to include same information:

    tcl:Warning: [IP::client_addr] - [SSL::cipher name] - [SSL::cipher version]