F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

omar_padilla's avatar
omar_padilla
Icon for Altocumulus rankAltocumulus
Dec 01, 2020

protect cloudfront service whit asm VE AWS

Hello, I am trying to protect a web application that is hosted in aws, but it turns out that before directing the traffic to the backend servers first for a cdn, (cloudfront), the F5 is in front of t...
ASM Advanced WAF
aws
cloud
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Dec 01, 2020

Well, it looks like the ServerHello from the Cloudfront server does not meet the server-ssl profile requirements, and the BigIP terminates the connection. You have to figure out what works, and make sure that the server-ssl profile matches.

 

Look at the incoming client-side ClientHello. The outgoing server-side ClientHello needs to match as closely as possible. Check for a Server-Name Indication extension on the server-side. Check the supported TLS protocols and ciphers.

 

Craft a specific server-ssl profile to ensure that as closely as possible, the ClientHello requests match.