rolf
Oct 19, 2018

TCL error: _cgc_pick_clientside

Hi,

In an ASM-LTM (perimeter) setup I frequently see the following logs:

***err: tmm3[19962]: 01220001:3: TCL error: _cgc_pick_clientside - unknown cgc sni: f5-bei1.xxxx.xx (line 49) invoked from within "CGC::sni $tls_servername"***

Any idea what this TCL error causes? The clientssl is quite basic: one certificate chain, no Server Name set.

Thanks, Rolf

5 Replies

  • ca2025

    Hi, rolf
    May I ask if the "f5-bei1.xxx.xx" field in the log "unknown cgc sni: f5-bei1.xxx.xx (line 49)" is the hostname of the local ASM-LTM or the remote device?
    Thank you, looking forward to your reply.

  • I found this page searching for an answer to the exact question I was asking, kept searching, and was eventually able to find this Support Solution:

    https://support.f5.com/csp/article/K54469707


    It mentions that this is actually a big3d error and sure enough, when I checked /var/log/gtm I found SSL Error messages that matched up with these /var/log/ltm messages. Even better, the /var/log/gtm messages list the IP that these connections are coming from, which in my case turned out to be one of our internal security appliances doing a scan.

  • Not sure what you mean, but - now that I look back at my own post, I believe this is a very simple error - there was a value of "-31744" that was sent to a switch statement that did not have a corresponding matching value. Maybe this is a default log message to spell out the fact that no match was found and a default option was not given to choose. The other meaning could mean that the value "-31744" was completely invalid for a switch statement, that it needs to be a positive value or within a specific range.

    These are just hypotheses.

  • Have you executed any scanning against the Management IP/Self-IP? It looks like you have performed some scanning.

  • I too am getting a very similar error. It is definitely an error executing iRule code, but I cannot find the iRule.

    err tmm[10782]: 01220001:3: TCL error: _cgc_pick_clientside <CLIENT_DATA> - bad option "-31744": must be -exact, -glob, -regexp, or --     while executing "switch $tls_version {                 "769" -                 "770" -                 "771" {                     if { ($tls_xacttype == 22) } {      ..."
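
The check described in the reply that cites K54469707 (matching the /var/log/ltm TCL errors against SSL error entries in /var/log/gtm to find the source IP) can be scripted. This is an added example, not code from the thread or from F5: the sample lines are constructed, and the syslog timestamp prefix, the gtm line layout and the function name `correlate` are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed samples. The ltm message text follows the errors quoted in the
# thread; timestamps, hostnames, PIDs and the gtm line layout are assumptions.
LTM_SAMPLE = """\
Oct 19 10:15:01 bigip1 err tmm3[19962]: 01220001:3: TCL error: _cgc_pick_clientside - unknown cgc sni: f5-bei1.example.test (line 49) invoked from within "CGC::sni $tls_servername"
Oct 19 10:15:40 bigip1 info tmm3[19962]: unrelated message
Oct 19 11:02:13 bigip1 err tmm1[19962]: 01220001:3: TCL error: _cgc_pick_clientside - unknown cgc sni: f5-bei1.example.test (line 49) invoked from within "CGC::sni $tls_servername"
Oct 19 13:00:00 bigip1 err tmm[10782]: 01220001:3: TCL error: _cgc_pick_clientside <CLIENT_DATA> - bad option "-31744": must be -exact, -glob, -regexp, or --
"""
GTM_SAMPLE = """\
Oct 19 10:15:01 bigip1 err big3d[5120]: SSL error, peer 192.0.2.45 (constructed)
Oct 19 11:02:14 bigip1 err big3d[5120]: SSL error, peer 192.0.2.45 (constructed)
Oct 19 12:30:00 bigip1 err big3d[5120]: SSL error, peer 198.51.100.7 (constructed)
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _stamp(line, year):
    # Classic syslog stamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def correlate(ltm_text, gtm_text, window_s=2, year=2018):
    """Return ({source_ip: matched_ltm_errors}, unmatched_ltm_errors)."""
    gtm = []
    for line in gtm_text.splitlines():
        ip = IP_RE.search(line)
        if "ssl" in line.lower() and ip:
            gtm.append((_stamp(line, year), ip.group()))
    window = timedelta(seconds=window_s)
    hits, unmatched = Counter(), 0
    for line in ltm_text.splitlines():
        if "_cgc_pick_clientside" not in line:
            continue
        t = _stamp(line, year)
        near = {ip for ts, ip in gtm if abs(ts - t) <= window}
        if near:
            hits.update(near)   # count each nearby source once per ltm error
        else:
            unmatched += 1      # no gtm SSL entry close in time
    return dict(hits), unmatched

if __name__ == "__main__":
    print(correlate(LTM_SAMPLE, GTM_SAMPLE))
```

On a real system the two inputs would be the contents of /var/log/ltm and /var/log/gtm, and the filter on the gtm side would need adjusting to the message text actually logged there.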