Forum Discussion
VS not working on 443
Does the backend pool member host multiple domains?
I am wondering if it uses SNI to determine the page being requested, but when you perform SSL bridging on the F5 no SNI is presented to the webserver. It may then default to a domain for which 'GET /' doesn't have any associated content.
What was the tcpdump command used to produce the output you provided above?
You could do a tcpdump on the F5 VS, i.e. F5 clientside, to capture the TLS establishment - the server name extension in the client hello would show what is being requested. As a quick check you could copy this into the Server Name field within the server SSL profile. Note that if that turned out to be the issue you would need a longer-term solution to insert the appropriate SNI on the serverside. DevCentral has a few iRule options, but I think later versions of software may now allow it to be done automatically.
I agree: if SNI is playing a role here, you'd see this behavior too. You'll need your serverssl profile fixed with SNI fields.
There could be site binding as well on the webservers. Look in that aspect as well.
What are the headers being passed when you directly access the server URL, and the headers being passed when you access it through the main BIG-IP URL? It might give some clue too.
Also curious to know what monitoring you have put in place for your pool members.