For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Jul 17, 2025

SSL Orchestrator and Traffic Flows

Hi,

 

I'm having a hard time finding any information on this particular scenario.  We are using SSL Orchestrator in our configuration path for virtual servers.  The question came up today regarding the possibility that the security device (i.e. Palo Alto) should become responsive or there was a loss of connectivity and how SSL Orchestrator handles that.

Does the traffic flow cease to exist in this scenario and the user would not be able to make it to the backend servers?  Or does the traffic flow regardless but the security device would not have any traffic to inspect?

There are two separate teams here...one for the F5 BIG-IP Configuration and one for the Security Device so there could be some maintenance going on that we are unaware of or things just die for whatever reason.

Any help is greatly appreciated!

application delivery
cloud
security

2 Replies

  • JustCooLpOOLe's avatar
    JustCooLpOOLe
    Icon for Cirrocumulus rankCirrocumulus
    Jul 17, 2025

    It appears that the "Service Action Down" setting is the one that can control this behavior.

  • Aswin_mk's avatar
    Aswin_mk
    Icon for MVP rankMVP
    Jul 18, 2025

    Hi,

     

    In F5's Local Traffic Manager (LTM), "Action on Service Down" determines how the system handles existing connections to a pool member that has become unavailable due to a health check failure. The available options are: None, Reject, Drop, and Reselect. Understanding these options is crucial for maintaining application availability and performance.  

     

    You can configure this as per your pool requirement. You can use this link - Overview of the Action On Service Down feature

     

    BR
    Aswin