For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PrasannaBlore_2's avatar
PrasannaBlore_2
Icon for Nimbostratus rankNimbostratus
Apr 28, 2016

F5 recommended configuration for Microsoft IIS

Hi,   This question can be sound very trivial and basic but I have very high level knowledge on F5 and I am a developer with no prior knowledge and background on network administration. Any help i...
application delivery
BIG-IP
LTM
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Apr 28, 2016

Question:

 

  • If you configure the Pool Member in first case, I suppose you send requests to a SSL-enabled port on Windows Server 2012, and have also configured ServerSSL profile in VS config? Or in short, are you looking to deploy SSL decrypt, SSL re-encrypt solution on BigIP?

If that's the case, there's one thing worth looking into.

 

  • I don't know if also the case with Windows Server 2012, but in case of ServerSSL between BigIP and Windows Server 2008, the SSL handshake tends to fail, resulting in TCP teardown. The easiest solution is to enforce explicit use of TLSv1.0 on the Server-SSL profile, there also are some workarounds for the Windows Server config, but they take a bit more time and are harder to implement.

Apart from possible ServerSSL issues, I cannot think of anything else as a likely root cause here.

 

Have a look here for reference solution: https://devcentral.f5.com/questions/regarding-cipher-negotiation-for-ltm