Forum Discussion
SID89
Nimbostratus
NimbostratusHTTPS health monitor with binary values
We have security appliances behind F5 as pool members. These requires probing with binary strings. We have configured "TCP" health monitor with send/receive strings as binary values in BIG-IP syntax as mentioned in article- K01524704
This tcp monitor is working as expected. However the new requirement is to setup mTLS between F5 and pool members. I have installed server-side certificate and the same has been installed at pool member servers (with mTLS feature enabled at pool member servers). The same TCP binary health monitor making the pool members down, however it is working with default tcp monitor (only tcp handshake to check port status). I have tried using HTTPS health monitor with same binary values in send/receive strings with server SSL profile in monitor advance setting but it didn't work. Any advise would be appreciated.
Hi SID89,
If you want to configure an HTTPS monitor with a Server SSL profile, you must enable In-TMM monitoring.
Is there a reason why you don't send a GET or POST request instead of a binary string with Send String?
K11323537: Configuring In-TMM monitoring
SID89Hi Enes_Afsin_Al Thank you for looking into this. We have Thales HSM device behind F5 and that doesn't support GET or POST methods for probing. As I mentioned same binary string values (type TCP monitor) are working fine, however it doesn't when used with type HTTPS monitor with SSL profile (as a client certificate serving pool members). When enabled health monitor logging on HTTPS monitor, it fails to complete SSL handshake.
- LiefZimmerman
Admin
SID89 - it's been a while but I wonder if you ever resolved this?
