Forum Discussion

MadMick's avatar
MadMick
Icon for Nimbostratus rankNimbostratus
Apr 26, 2022

Proxy Handhsake failure

Hi all, sorry, I'm not an expert using F5 but I got a question for you. I'm using an iRule Proxy configured on a BIG-IP 13.1.1. Suddenly...and I don't know why, this proxy is still working but a...
event
security
MadMick's avatar
MadMick
Icon for Nimbostratus rankNimbostratus

Thank you mate.

Yes, it is possible but...I cannot reconfigure my antivirus agent.
The only solution for me is let to disable SSL inspection or https decryption or allow the agent to use SSLv3.

Do you know how to do it?

PSFletchTheTek's avatar
PSFletchTheTek
Icon for MVP rankMVP
Apr 26, 2022

It's not McAfee is it??? I recongise the Port number! (but others may use it as well - just a guess!)
So where is this flow error coming from? AV to Virtual server? Or f5 to pool member?
Where is 192.168.201.37:8081?? I'm guessing this is a f5 to pool member flow?

So to remove the encryption you just need to remove the client and server SSL profiles from the virtual server.
But there must be a way to check this, maybe even take a pcap of the flow and have a better look,
Possible f5 support could look at the config and that pcap for you with more understanding of what those errors mean.

  • MadMick's avatar
    MadMick
    Icon for Nimbostratus rankNimbostratus
    Apr 27, 2022

    This is the Virtual server configuration: everything seems to be disabled.

     

    • PSFletchTheTek's avatar
      PSFletchTheTek
      Icon for MVP rankMVP
      Apr 27, 2022

      Hi,

      Your in Local Traffic > Virtual Servers > [VIRTUAL SERVER] > Secuirty.
      SSL Certs are set at
      Local Traffic > Virtual Servers > [VIRTUAL SERVER]
      Under Configuration
      SSL Profile (Client) and SSL Profile (Server)

      And these policies are set in Local Traffic > Profiles > SSL > Client or Server as needed.
      Client is incoming so from web client to f5 and server is f5 to web server,
      From the looks of your in i'm guessing this is linked to the f5 to server comms so the SSL Server profile is being used.

       

      So possibly something in the server ssl profile is stopping you?
      You are in the range of looking at what updates have happened on the TrendMicro platform, and a f5 support call to try to deep dive into it.

      • MadMick's avatar
        MadMick
        Icon for Nimbostratus rankNimbostratus
        Apr 27, 2022

        Thank you mate for your time.

        This is my configuration...and it seems correct: what do you think?

        I already check this and I can't see any blocking parameter.