Forum Discussion

Sefi_Miz's avatar
Sefi_Miz
Icon for Altostratus rankAltostratus
Jan 22, 2025

establish a sideband connection to an HTTPS destination using the connect command

Hi,

I have iRule that establish sideband connection to an HTTP destination.

I need to change it to HTTPS connection with SSL.

I tried this command but it not get it because the -ssl argument:

 

when ACCESS_POLICY_AGENT_EVENT {

    set conn [connect -ssl [name of SSL client profile] -status conn_status 10.5.12.181:443]
}

 

somebody have an idea how should I do it?

  • f51's avatar
    f51
    Icon for Cirrocumulus rankCirrocumulus

    Hello Sefi_Miz

    To establish a sideband connection to an HTTPS destination using the connect command in an iRule, you need to ensure that the SSL client profile is properly referenced and the SSL handshake is correctly handled. Here’s a refined way to establish an HTTPS connection using the connect command in an iRule:

    when ACCESS_POLICY_AGENT_EVENT {
        # Define the SSL client profile to use for the connection
        set ssl_client_profile "your_ssl_client_profile"
        
        # Establish the HTTPS connection
        set conn [connect -timeout 3000 -status conn_status -ssl $ssl_client_profile 10.5.12.181:443]

        # Check the connection status
        if { $conn_status == 1 } {
            log local0. "Sideband connection established successfully."
        } else {
            log local0. "Failed to establish sideband connection."
        }
    }

     

    • Sefi_Miz's avatar
      Sefi_Miz
      Icon for Altostratus rankAltostratus

      Hi,

      Thanks for your answer :-)

      I tried this and I get again the error message about the "-ssl" argument.

      The error message is - ["unexpected token(s) at NO.6 argument"][connect -timeout 3000 -status conn_status 10.5.12.181:443 -ssl "$ssl_client_profile"]

       

      • zamroni777's avatar
        zamroni777
        Icon for MVP rankMVP

        you dont need to put " in "$ssl_client_profile"

        anyway, you dont need to use variable.
        just type: ... -ssl intended_client_ssl_profile