TCP monitor vs TCP Half Open

Question

Hi Guys!&nbsp;
Got a question for you ... I have a pool of Citrix Gateways, configured with the default TCP monitor. This is causing the gateways to log an error of this sort "SSL three way handshake error" every 5 seconds, apparently because the TCP monitor doesn't close the connection.&nbsp;
I changed the monitor in our dev environment to TCP Half Open, which, according to what I've read, sends a RESET after receiving the ACK/SYNC from the pool member, so the connection is closed properly.&nbsp;
My question is (before I put this in production) : Does the TCP monitor catch something that the Half OPen doesn't and which could interest me?&nbsp;
Thanks,
Fabian&nbsp;

brad_parker · Answer

You are most likely getting the SSL failure because with a TCP monitor you complete a full three-way handshake. Since you are using a TCP monitor against an SSL interafce it then tries to initiate the SSL handshake and fails. TCP Half-Open doesn't complete the three-way handhsake since it sends a RST instead of an ACK, so it never attempts the SSL handshake. So, in short the TCP vs Half-open will only give you the knowledge that a full TCP handshake can occur vs it responding on the port.

dicky_moe_13167 · Answer

Great! thanks.&nbsp;
Fabian&nbsp;

Forum Discussion

TCP monitor vs TCP Half Open

2 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

OWASP_Managed Issues

4600 rSeries tenant resizing and HA Dependency

is it possible to deploy a Tenant using "resource-admin" user ?

F5 BigIp cluster active/stanby in Azure, failover very slow

iRule, Traffic Policy or Re-Write Policy

Related Content

TCP 3-WAY Handshake vs TCP Half-Open

Phishing, Malware, Breach and Open-Source Security

DevCentral Connects Recap: Open Finance, APIs, AI & Security

AppWorld 2024 Call For Speakers open

US Tiktok ban, Salt and Twill, over Half billion in crypto stolen

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS