Forum Discussion
CirrusF5OS (r4800) web interface access issue
There is a very interesting situation: System Security has granted access permissions to different networks as ‘all’.
15.X.X.X/23 (VPN Admin ntw)
15.Y.Y.Y/21 (Local Admin ntw) I granted ‘all’ permissions.
Until five days ago, I had seamless access to https://deviceA and https://deviceB from both networks. However, now I can only access from the VPN Admin network.
When I checked the firewall settings, both networks are set to allow, and packets are being sent and received. When I captured packets using tcpdump on the device, I can see that packets are arriving, but there is no response. Does anyone have any ideas or experience with this issue?
F5OS: Version 1.7.0-8741
4 Replies
- Nikoolayy1
MVP
Interesting issue.
Have you seen the F5OS logs for httpd or restarted the process?
https://my.f5.com/manage/s/article/K000092662
My own article on the subject 😎
Knowledge sharing: Velos and rSeries (F5OS) basic troubleshooting, logs and commands | DevCentral
Qkview and F5 ihealth will be easier to review the rSeries logs.
Also you can upgrade as well.
OzzyThanks Nikoolayy1 , I have already try to restart the demaon nothing change. I took an qkview and send to F5 support. It is not working some Ip block:
10:40:27.719511 IP appliance-1.chassis.local > X.X.X.X: ICMP appliance-1.chassis.local tcp port https unreachable, length 60
10:40:27.996430 IP X.X.X.X:.60761 > appliance-1.chassis.local.https: Flags [S], seq 95158361, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:40:27.996541 IP appliance-1.chassis.local > X.X.X.X:: ICMP appliance-1.chassis.local tcp port https unreachable, length 60
10:40:35.721039 IP X.X.X.X:.60760 > appliance-1.chassis.local.https: Flags [S], seq 1547436090, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:40:35.721135 IP appliance-1.chassis.local > X.X.X.X:ICMP appliance-1.chassis.local tcp port https unreachable, length 60
10:40:36.002729 IP X.X.X.X:rhs.zz.60761 > X.X.X.X:s: Flags [S], seq 95158361, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:40:36.002816 IP appliance-1.chassis.local >X.X.X.X:.rhs.zz: ICMP appliance-1.chassis.local tcp port https unreachable, length 60for working one :
08:57:16.517364 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [P.], seq 160839:162502, ack 6720, win 370, length 1663
08:57:16.517387 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [P.], seq 162502:162533, ack 6720, win 370, length 31
08:57:16.534450 IP Y.Y.Y.Y.55880 > appliance-1.chassis.local.https: Flags [.], ack 162533, win 1028, length 0
08:57:16.549565 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [.], seq 162533:165053, ack 6720, win 370, length 2520
08:57:16.549583 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [P.], seq 165053:166696, ack 6720, win 370, length 1643
08:57:16.549606 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [P.], seq 166696:166727, ack 6720, win 370, length 31
08:57:16.564752 IP Y.Y.Y.Y.55880 > appliance-1.chassis.local.https: Flags [.], ack 166727, win 1028, length 0
08:57:16.600744 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [.], seq 166727:169247, ack 6720, win 370, length 2520
08:57:16.600771 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [P.], seq 169247:170891, ack 6720, win 370, length 1644
08:57:16.600866 IP appliance-1.chassis.local.https > Y.Y.Y.Y.55880: Flags [P.], seq 170891:170922, ack 6720, win 370, length 31- Ozzy
Hi f51 , it is solved . I really does not understand the reason. I totally remove the Ip blocks from Security -allowed Ips. Now it can be reachable . But before the issue , IP list covers all IPs from the location. I have one KB , but it is not very clear to me. https://my.f5.com/manage/s/article/K000138975
