Forum Discussion
how to persistant client when using bigip load balance firepass
There is two problem when using bigip load balance firepass:
1> For ADSL client, when user logon the firepass, his adsl line dropped and reconnected adsl, so the client ip address had been change...
Nat_Thirasuttakorn
Employee
Employeethis might be too late reply...
however, if you still need the answer, you may try this irule.
to use this irule
- just follow normal procedure and enable cookie persistence
- no need to enable ssl id and source ip persistent
=====================================================
when RULE_INIT {
set ssl_handshake 0
set ::tmout 3600
}
when CLIENTSSL_HANDSHAKE {
set ssl_handshake 1
}
when CLIENTSSL_CLIENTCERT {
set ssl_handshake 1
}
when HTTP_REQUEST {
set http_disable 0
set sid [HTTP::cookie "MRHSession"]
if { $ssl_handshake == 1 } {
HTTP::header replace "BIGIP" "on"
HTTP::header replace "BIGIP_SSL_CIPHER" "[SSL::cipher name]"
HTTP::header replace "BIGIP_SSL_CIPHER_USEKEYSIZE" "[SSL::cipher bits]"
HTTP::header replace "BIGIP_SSL_PROTOCOL" "[SSL::cipher version]"
set ssl_handshake 0
}
if { [HTTP::uri] starts_with "/myvpn" } {
set sid [findstr [HTTP::uri] "sess=" 5 "&"]
persist uie $sid $::tmout
set http_disable 1
}
if { [HTTP::uri] starts_with "/tunnel" } {
set sid [findstr [HTTP::uri] "sess=" 5 "&"]
persist uie $sid $::tmout
set http_disable 1
}
set uri [HTTP::uri]
}
when HTTP_REQUEST_SEND {
if { $http_disable != 0 } {
HTTP::disable
}
}
when HTTP_RESPONSE {
set sid [HTTP::cookie "MRHSession"]
if { $sid != "" && $sid != "deleted" } {
persist add uie $sid $::tmout
}
}
=====================================================
Nat
