Forum Discussion

Altocumulus

Apr 03, 2023

SFTP VIP on CLoud F5 AWS not working from internet , from F5 its working

Hello, we have an SFTP VIP configured on AWS Cloud F5 with some high number port 41415 for VIP with private IP and Pool configured with port 22. Vip: private IP, performance L4, automap enabled. F...

application delivery

F5 Cloud SFTP VIP

CA_Valli
Apr 03, 2023
So from packet capture, you see TCP SYN hitting F5 and no response? Nothing is forwarded to the real SFTP server on a server side connection, correct?
Looks like SYN packet might be dropped, I'd check that packet data in your pcap are actually matching the configuration.

First thing I'd check is that your network configuration is on point for the client-side connection - eg. F5 has a default route back to client IP, Virtual Server is listening on intended VLAN.
Next, match the packet from your capture to VS and confirm service port and IP are correct, and client IP belongs to a network that's included in source network list.

If everything is spot-on, you need to investigate VS secifications further as there might be some profile "conflicting" with your traffic or likely preventing the match, but you said this is a fastL4 so that's quite unlikely imo.
imabbas_90
Apr 03, 2023
Hi Thanks for your input. We found the issue. Its the AFM and Zone was wrongly marked for the destination.
Again thanks.
CA_Valli

CA_Valli

MVP

So from packet capture, you see TCP SYN hitting F5 and no response? Nothing is forwarded to the real SFTP server on a server side connection, correct?
Looks like SYN packet might be dropped, I'd check that packet data in your pcap are actually matching the configuration.

First thing I'd check is that your network configuration is on point for the client-side connection - eg. F5 has a default route back to client IP, Virtual Server is listening on intended VLAN.
Next, match the packet from your capture to VS and confirm service port and IP are correct, and client IP belongs to a network that's included in source network list.

If everything is spot-on, you need to investigate VS secifications further as there might be some profile "conflicting" with your traffic or likely preventing the match, but you said this is a fastL4 so that's quite unlikely imo.

imabbas_90

Altocumulus

Apr 03, 2023

Hi Thanks for your input. We found the issue. Its the AFM and Zone was wrongly marked for the destination.

Again thanks.

CA_Valli

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SFTP VIP on CLoud F5 AWS not working from internet , from F5 its working

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

F5 iRUule not working

BIG-IP connection mirroring in public cloud doesn't work, but why?

F5 SMTP Fast Template - SNAT Not working as expected

iRULE not working for ipfix log publisher.

Customized Bot Signature not working

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS