Forum Discussion

Amritkp's avatar
Icon for Altostratus rankAltostratus
Aug 13, 2021

Getting RST from SAP Server but the Wireshark says "iRule execution (reject command)"

I have a setup where I am using my F5 as a forward proxy towards Internet. From my internal environment, when user initiates a connection to a SAP Server (on Internet), user is unable to connect to it, however when he is allowed to Bypass the proxy and connect directly to the SAP Server, it works fine.

On taking the packet capture, I find that when the F5 is initiating packets from it's self-IP towards the SAP Server, after successful TCP Handshake, during SSL Handshake, F5 Self-IP recieves RST packet from the server.

However, in the wireshark RESET Cause states : BIG-IP: [0x2b9df43:6605] iRule execution (reject command)

I do not understand this. Please help.

3 Replies

    • Amritkp's avatar
      Icon for Altostratus rankAltostratus

      For Security reasons, I cannot share the Wireshark Screenshot. However, there is no explicit iRule indicated by the capture. It is just this "0x2b9df43:6605" So I am not sure which irule to check. Even the virtual-Server name mentioned in the F5 Trail of the packet in wireshark, does not have any iRule associated to it. So, I am not sure what iRule is the message refering to.

      • SanjayP's avatar
        Icon for Nacreous rankNacreous

        okay. So if there is no iRule/LTM policy at your vip and you are seeing RST is coming from other end, it could be the SAP server having BIGIP infront of it and it's rejecting the connection. So you would have to check with the SAP team.

        They might be looking for specific TLS versions and Cipher suites for TLS connection could be one of the reason. SAP team can tell you more on that error though.