For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Adolfo's avatar
Adolfo
Icon for Nimbostratus rankNimbostratus
Aug 12, 2020

SSL issue

Hello there,   We have a F5 LTM and a virtual server configured to a server in port 443, the topology is:   Computer --> F5 LTM --> switch --> server   When we try to connect to the server thr...
application delivery
BIG-IP
LTM
pools
profiles
virtual
Andrew-F5's avatar
Andrew-F5
Icon for Employee rankEmployee
Sep 01, 2020

Your virtual server is very simple with no profiles that should interfere.

 

Telnet isn't a good test for SSL connections other than stating that the port is open, use openssl or another utility to test the connection.

 

You have to have some sort of SNAT translation enabled because your virtual server and pool member exist on different networks. Automap should be fine assuming you have a valid self-ip configured.

 

The F5 is not manipulating the SSL handshake and especially not the http traffic considering it can't decrypt any of it due to SSL passthrough being configured here.

 

Given the very simple configuration of the virtual server this would seem to be more likely an issue with the server or device between F5 and server.

 

You can take a capture with F5 'noise' to see the reset cause:

tcpdump -s0 -ni 0.0:nnnp host 10.1.7.x and host source_ip