cancel
Showing results for 
Search instead for 
Did you mean: 

Check request flow in Virtual server

THE_BLUE
Cirrus
Cirrus

I have created VS with pool but i'm not able too access website,how to check the flow of my request from client until WAF to see where it's stopped !

in waf local logs i can see warning :SSL Handshake failed for TCP 

 

5 REPLIES 5

Hello @THE_BLUE

SSL Handshake errors occur before than the WAF protection, and they should be troubleshooted separately.

I recommend you to check this article:

https://support.f5.com/csp/article/K15292

 

Regards,
Dario.

Ahmed_Galal
Cirrostratus
Cirrostratus

Hello, 

 

you can also capture the traffic on F5 using tcpdump tool to see what cause the issue in TLS communication.

tcpdump -vi (VLAN) host (client IP) -w /var/tmp/(name).pcap

then collect capture file using SCP tool

check this article to know more about tcpdump 

https://support.f5.com/csp/article/K411

THE_BLUE
Cirrus
Cirrus

The case is , i have 2 virtual server with different public ip and same custom port . the first VS working fine , the second one not working and i receve Connection error: ssl_codec_rx:2320: alert(48) received alert.

note that, i'm using the same certificate in both VS . if i change the pool the VS working fine. and if i try to access the pool directly it's working fine too.

Hello @THE_BLUE,

It doesn't matter that some other pool work fine. The SSL error is with this specific server.

Note that the error is "alert(48) received alert", that means that an alert SSL packet was received from the far end, most probably from the backend server.

Maybe this server has a specific cipher configured that breaks the SSL Handshake during the establishment.

The point is that you should first know in which moment of the communication the alert is received and after that analyze which the error could be.

You can also use openssl command to test that server using SSL in order to diagnose which error could have.

Everything I'm explaining here is mentioned in the article I provided above. Please, take some time to check it out and let us know if it is helpful.

 

Regards,
Dario.

BTW, also check this out

https://support.f5.com/csp/article/K29346112

 

Regards,
Dario.