Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Aug 08, 2022

Check request flow in Virtual server

I have created VS with pool but i'm not able too access website,how to check the flow of my request from client until WAF to see where it's stopped !

in waf local logs i can see warning :SSL Handshake failed for TCP 

 

5 Replies

  • Hello, 

     

    you can also capture the traffic on F5 using tcpdump tool to see what cause the issue in TLS communication.

    tcpdump -vi (VLAN) host (client IP) -w /var/tmp/(name).pcap

    then collect capture file using SCP tool

    check this article to know more about tcpdump 

    https://support.f5.com/csp/article/K411

  • The case is , i have 2 virtual server with different public ip and same custom port . the first VS working fine , the second one not working and i receve Connection error: ssl_codec_rx:2320: alert(48) received alert.

    note that, i'm using the same certificate in both VS . if i change the pool the VS working fine. and if i try to access the pool directly it's working fine too.

    • Hello THE_BLUE,

      It doesn't matter that some other pool work fine. The SSL error is with this specific server.

      Note that the error is "alert(48) received alert", that means that an alert SSL packet was received from the far end, most probably from the backend server.

      Maybe this server has a specific cipher configured that breaks the SSL Handshake during the establishment.

      The point is that you should first know in which moment of the communication the alert is received and after that analyze which the error could be.

      You can also use openssl command to test that server using SSL in order to diagnose which error could have.

      Everything I'm explaining here is mentioned in the article I provided above. Please, take some time to check it out and let us know if it is helpful.