For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Alexey_384's avatar
Alexey_384
Historic F5 Account
Feb 28, 2014

Log shows that you can't pass an access policy. There are a lot of possible misconfigurations, but the common one is an untrusted server certificate. Have you add the CA cert in a cert store? If not you should set it or use an option to ignore the server certificate.

 

Alexey_384's avatar
Alexey_384
Historic F5 Account
Feb 28, 2014
I would do following: Check BIG-IP logs to determine on what exact step connection is closed. Using tcpdump determine who closes connection big-ip or client. If client.. I'd check all options again. The only issue with establishing connection I faced is an untrusted certificate. If server then: is connection closed during access policy execution or network access establishing? Shouldn't be NA, because browser works. Is access policy configured with the client side checkers? As I remember Linux CLI doesn't support them. Also, login can be allowed for the browsers only. And logon page customisation also may break authentication. BIG-IP can drop connection before access policy execution in case of wrong (absent) client's certificate (depends on client's ssl profile).