Forum Discussion
User logout issue
Hi Team,
We have hosted a web application using JBoss; the site also involves Oracle.
Within the LAN, when users log in we don't have any issues, but when we log in through the Internet via F5 connectivity, user sessions are getting logged out. It's an intermittent issue; sometimes it happens and sometimes not.
We are trying to understand the best settings to resolve the issue from the F5 point of view. Since the website works fine internally without any issues, we suspect F5 is causing the issue. Experts' suggestions are required.
Thanks
17 Replies
- What_Lies_Bene1
Cirrostratus
What type of Persistence are you using?
Do/could the Internet users pass through a proxy?
Are you SNATting?
Is there only one route out to the Internet and is this via the F5s?
- microsoftvino_1
Nimbostratus
We are using only source-based persistence and not using any other persistence. No SNATting. It happens via F5 only; other routes are working fine, I mean local users.
- What_Lies_Bene1
Cirrostratus
Sounds very likely this is a persistence problem. Can you switch to using the Cookie Insert method?
- Kevin_Stewart
Employee
Is it perchance a web-based application that supports cookies? It could very well be that source address persistence is failing you. Internal users would normally have static addresses that don't change over the life of an application session. But an external Internet user could be going through all sorts of devices along its path that could be changing its source address. Such a thing would be intermittent, but would almost certainly happen. If the application is browser-based, cookie persistence is not only rock solid, but actually removes the burden of maintaining persistence table entries on the BIG-IP. Otherwise there are other very robust persistence mechanisms worth considering.
- microsoftvino_1
Nimbostratus
Yeah, the website supports cookies, and the point is right that it could be a persistence issue, but why is IP-based / destination-based persistence causing this issue? I am trying to identify the root cause.
Please suggest: even in the cookie-based method we have different categories; which one suits the issue we are facing now better?
- microsoftvino_1
Nimbostratus
When we enable cookie-based persistence, cookies will also be created on the user end for connection establishment. From the security point of view, what if any existing user's laptop has malware or an infection? If the cookies are hijacked, how can we prevent this? By implementing these cookie-based settings I don't want to open a security threat anywhere, that's the point here, so please advise from a security standard as well.
- Kevin_Stewart
Employee
Across the Internet you have no control over what devices a user request will flow through. With anything from NATting firewalls to proxies in the path, a user's source address can change from one HTTP request to another. Destination address affinity isn't really applicable here. That's mainly used for things like firewall or web cache load balancing.
If the client agent supports HTTP cookies, then that is the most reliable persistence method.
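The failure mode described in the reply above, as an added example that is not part of the original thread: a toy load balancer replays one user's requests under source-address and cookie persistence. The pool names, the IP addresses, the round-robin pick and the assumption that the application session lives only on the server that handled the login are all constructed for illustration, and the cookie value is simplified to the member name rather than the BIG-IP cookie format.

```python
from itertools import cycle

POOL = ["app1", "app2", "app3"]  # constructed pool member names

# Constructed request traces: the source IP seen by the load balancer per request.
LAN_USER = ["10.0.0.5"] * 6                      # static internal address
INTERNET_USER = ["203.0.113.10", "203.0.113.10",  # egress address changes mid-session
                 "203.0.113.11", "203.0.113.11",  # (proxy farm or NAT pool upstream)
                 "203.0.113.10", "203.0.113.10"]


class LoadBalancer:
    """Toy model of the two persistence methods discussed in the thread."""

    def __init__(self, mode):
        self.mode = mode          # "source_addr" or "cookie"
        self.table = {}           # source IP -> pool member (persistence table)
        self._next = cycle(POOL)  # round robin for clients with no record yet

    def route(self, src_ip, cookie):
        """Return (pool member, persistence cookie to set or None)."""
        if self.mode == "cookie":
            member = cookie if cookie in POOL else next(self._next)
            return member, member
        if src_ip not in self.table:
            self.table[src_ip] = next(self._next)
        return self.table[src_ip], None


def count_logouts(mode, source_ips):
    """Replay one user's requests (the first is the login) and count
    how often a request lands on a server that has no session for them."""
    lb = LoadBalancer(mode)
    cookie, home, logouts = None, None, 0
    for src_ip in source_ips:
        member, set_cookie = lb.route(src_ip, cookie)
        cookie = set_cookie or cookie
        if home is None:
            home = member          # login creates the session on this server
        elif member != home:
            logouts += 1           # no session here: user is sent back to login
            home = member          # user logs in again on the new server
    return logouts


if __name__ == "__main__":
    for name, trace in (("LAN", LAN_USER), ("Internet", INTERNET_USER)):
        for mode in ("source_addr", "cookie"):
            print(f"{name:8} {mode:11} logouts={count_logouts(mode, trace)}")
```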
- Kevin_Stewart
Employee
A persistence cookie contains nothing more than the information pertaining to a load balancing decision. If someone were to steal this cookie and try to use it, they'd certainly be load balanced to the same server, but that in no way has any effect on the total application session or authentication state. The cookie cannot be used to gain access to a user's session.
- microsoftvino_1
Nimbostratus
Hi All,
Migrated to cookie-based, but it still doesn't help me.
Looking for more suggestions
- nitass
Employee
Looking for more suggestions
Is it possible to capture packets when the problem is happening?
e.g.
tcpdump -nni 0.0:nnnp -s0 -w /var/tmp/output.pcap host x.x.x.x -v
x.x.x.x is the client IP
