Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Amritkp's avatar
Amritkp
Icon for Altocumulus rankAltocumulus
Aug 13, 2021

Getting RST from SAP Server but the Wireshark says "iRule execution (reject command)"

I have a setup where I am using my F5 as a forward proxy towards Internet. From my internal environment, when user initiates a connection to a SAP Server (on Internet), user is unable to connect to i...
application delivery
big-ip
LTM
security
Amritkp's avatar
Amritkp
Icon for Altocumulus rankAltocumulus
Aug 13, 2021

For Security reasons, I cannot share the Wireshark Screenshot. However, there is no explicit iRule indicated by the capture. It is just this "0x2b9df43:6605" So I am not sure which irule to check. Even the virtual-Server name mentioned in the F5 Trail of the packet in wireshark, does not have any iRule associated to it. So, I am not sure what iRule is the message refering to.

spalande's avatar
spalande
Icon for Nacreous rankNacreous
Aug 13, 2021

okay. So if there is no iRule/LTM policy at your vip and you are seeing RST is coming from other end, it could be the SAP server having BIGIP infront of it and it's rejecting the connection. So you would have to check with the SAP team.

They might be looking for specific TLS versions and Cipher suites for TLS connection could be one of the reason. SAP team can tell you more on that error though.