F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Brendan_Hogan_9's avatar
Brendan_Hogan_9
Icon for Nimbostratus rankNimbostratus
Jun 26, 2009

IRule to selectively allow subnets no longer working

Actually 2 issues:   1) We are currently on   We used to use the following iRule during maintenance windows to only allow particular subnets to connect. It used to send users not in those s...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jun 26, 2009
Hi,

 

 

1. The iRule looks fine. You could create a test VIP and test with that. Try to add logging to see if the match is made. If you're able to reproduce the problem, try adding a OneConnect profile to the test VIP.

 

 

2. What is the idle timeout of the TCP profile on the virtual server? LTM should reset the client connection after the idle timeout expires. You might also try setting the node to Forced Offline so that only clients with an active TCP connection to the VIP will be allowed to continue. Disabled means that clients with a valid persistence record will still be able to access the VIP.

 

 

Aaron

 

 

Aaron