pcourtois
Feb 27, 2026

Random TCP Resets from F5

Good day all,

 

I am researching an intermittent and random issue where our F5 WAFs respond to customers with the following: 

"An error occurred while sending the request.::Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..::An existing connection was forcibly closed by the remote host."

I collected PCAPs and examined the traffic and it leads back to the WAFs sending the reset.  I've searched this issue with A.I. assistance and it suggested adjusting/increasing the client ssl profile "handshake timeout" value from 10 seconds (default) to possibly 20 and 30 seconds, depending on traffic load.  

Is this a legitimate suggestion and potential resolution?  Has anyone modified their "handshake timeout" setting from default?  

I appreciate your time and energy and look forward to your thoughts and suggestions.  Thanks!  

1 Reply

  • Hi pcourtois​,

    I am afraid AI won't take you far in this scenario...

    The error message you posted looks like a generic .NET error message. The F5 by itself would not send such an error message.

    The BIG-IP sending a reset package is also not unusual, sometimes that's just how TCP works.
    For example: if the TCP session is timed out on the F5 and the client sends data on this timed-out session, the F5 would reply with a RST, ACK.

    In which direction is the F5 sending the reset, to the client or to the server?
    If the F5 sends a RST,ACK to the client and then, as a result, the client shows the above error message, you should adjust the tcp timeout settings in the client side TCP profile. 

     

    Hope this helps,
    Daniel
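
The check raised in the reply above (which way the RST goes, and whether it follows an idle period) can be scripted over packet summaries exported from a capture. This is an added example, not code from the thread or from F5; `Pkt`, `classify_resets`, the addresses and the 300-second threshold are constructed assumptions, and the threshold should be set to the idle timeout configured in your own TCP profile.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Pkt:
    ts: float    # seconds since capture start
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: S, A, P, F, R

def classify_resets(pkts, bigip_addrs, pool_members, idle_threshold):
    """Return (ts, direction, idle_gap, pattern) for every RST in the capture."""
    flows, findings = defaultdict(list), []
    for p in sorted(pkts, key=lambda p: p.ts):
        history = flows[frozenset([(p.src, p.sport), (p.dst, p.dport)])]
        if "R" in p.flags:
            if p.src not in bigip_addrs:
                direction = "peer->bigip"
            elif p.dst in pool_members:
                direction = "bigip->server"
            else:
                direction = "bigip->client"
            # Longest silence around the RST: covers a RST sent in reply to
            # data on a timed-out flow and a RST sent unprompted after silence.
            times = [h.ts for h in history[-2:]] + [p.ts]
            gap = max((b - a for a, b in zip(times, times[1:])), default=0.0)
            pattern = "idle-timeout" if gap >= idle_threshold else "other"
            findings.append((p.ts, direction, round(gap, 3), pattern))
        history.append(p)
    return findings

# Constructed capture using documentation addresses, not data from the thread.
SAMPLE = [
    Pkt(0.000, "198.51.100.7", 50112, "203.0.113.10", 443, "S"),
    Pkt(0.001, "203.0.113.10", 443, "198.51.100.7", 50112, "SA"),
    Pkt(0.150, "198.51.100.7", 50112, "203.0.113.10", 443, "PA"),
    Pkt(0.180, "203.0.113.10", 443, "198.51.100.7", 50112, "PA"),
    Pkt(320.400, "198.51.100.7", 50112, "203.0.113.10", 443, "PA"),  # reuse after silence
    Pkt(320.401, "203.0.113.10", 443, "198.51.100.7", 50112, "RA"),
    Pkt(5.000, "198.51.100.8", 40000, "203.0.113.10", 443, "S"),     # second flow
    Pkt(5.001, "203.0.113.10", 443, "198.51.100.8", 40000, "SA"),
    Pkt(5.010, "203.0.113.10", 443, "198.51.100.8", 40000, "RA"),    # no idle period
]

if __name__ == "__main__":
    for f in classify_resets(SAMPLE, {"203.0.113.10"}, {"192.0.2.20"}, 300.0):
        print(f)
```

Resets tagged `idle-timeout` point at the TCP profile's idle timeout; resets tagged `other` need a different explanation and are worth reading packet by packet.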