Blocked 'Reverse Connections'
Hi all,
Recently we have run into an issue with connections that involve our BIG-IP devices and client/server connections when there is a firewall as a man in the middle. The issue presents itself as a reverse connection, i.e. ports flipped or source = 443, that gets blocked. Furthermore, this issue does not seem to stem from one set of client or server devices and also seems to happen with health checks.
Now, rules have been put into place on the MIM firewall that allow for the expected flow of traffic, and this issue does not seem to be service affecting, but it does generate a mass of logging for the blocks. I have attempted to troubleshoot what I can only describe as half-closed behaviour but unfortunately have started to come up dry with further theories as to why the F5 does not seem to tear down the connection along with the rest of the devices and sends one last packet that gets blocked when the other side closes the connection, forcing the firewall to remove it from its state table.
My hope is that others may have experienced this or can add to the conversation so I can look into other avenues for investigation.
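
One way to triage the block log described in the post, as an added example that is not part of the original post: it labels a denied packet as a late packet from a just-closed flow when its reversed source/destination pair matches a session the firewall recently removed from its state table. The log format, event names, sample lines and the 30-second window are constructed assumptions, not output from any real firewall or BIG-IP.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines in a made-up format (not from any real firewall).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SESSION_CLOSE tcp 10.1.1.10:51514 -> 10.2.2.20:443
2024-05-01T10:00:02 DENY tcp 10.2.2.20:443 -> 10.1.1.10:51514 flags=FIN,ACK
2024-05-01T10:00:05 DENY tcp 10.2.2.20:443 -> 10.1.1.99:40000 flags=SYN,ACK
2024-05-01T10:05:00 DENY tcp 10.2.2.20:443 -> 10.1.1.10:51514 flags=RST
"""

# Hypothetical line layout: timestamp, event, protocol, src -> dst, optional flags.
LINE = re.compile(
    r"(?P<ts>\S+) (?P<event>SESSION_CLOSE|DENY) tcp "
    r"(?P<src>\S+) -> (?P<dst>\S+)(?: flags=(?P<flags>\S+))?"
)

def classify_denies(log_text, window_seconds=30):
    """Label each DENY as 'late-after-close' or 'unmatched'.

    A DENY is 'late-after-close' when its reversed (src, dst) pair matches a
    session the firewall closed no more than window_seconds earlier.
    """
    closed = {}   # (client, server) -> time the firewall dropped the state
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        if m["event"] == "SESSION_CLOSE":
            closed[(m["src"], m["dst"])] = ts
            continue
        # Reverse the denied packet so it lines up with the original flow.
        closed_at = closed.get((m["dst"], m["src"]))
        window = timedelta(seconds=window_seconds)
        late = closed_at is not None and timedelta(0) <= ts - closed_at <= window
        results.append((m["ts"], m["src"], m["dst"], m["flags"],
                        "late-after-close" if late else "unmatched"))
    return results

if __name__ == "__main__":
    for row in classify_denies(SAMPLE_LOG):
        print(*row)
```

Denies left as "unmatched" are the ones worth a closer look, since they do not line up with any flow the firewall recently tore down.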