For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Triggerman_1128's avatar
Triggerman_1128
Icon for Nimbostratus rankNimbostratus
Sep 22, 2010

OneConnect

Hi all. I'm just wondering under what situation/circumstance that an application will break when enabling OneConnect. There's a KB in Microsoft that touched on this (http://support.microsoft.com/kb/88...
config
design
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Sep 22, 2010
That depends on how you implement the OneConnect settings.

 

 

The biggest problem is where you share the backend connections amongst multiple clients. The backends only see the IP address (Assuming NAT) of the first client. And thereafter the other client requests will be presented on the same connection and thus the same IP address. Clients will also 'hop' around on random IP's in this case (Not so bad if you use SNAT).

 

 

The biggest problem is where apps expect that all requests on a single connection are from the same client and so only do the auth etc on the first request... The second and subsequent requests then share the sessino of the first and you have a wonderful problem where people see each others information etc...

 

 

OneConnect is very useful where it's got a well written and robust app behind it that's expecting multiple clients multiplexed over a small number of connections... Otherwise it's exposing a bit of a security hole.

 

 

H