08-Aug-2022 01:10 - edited 08-Aug-2022 01:12
I have created a VS with a pool but I'm not able to access the website. How do I check the flow of my request from the client to the WAF to see where it's stopped?
In the WAF local logs I can see the warning: SSL Handshake failed for TCP
SSL handshake errors occur before the WAF protection, and they should be troubleshot separately.
I recommend you check this article:
09-Aug-2022 02:45 - edited 09-Aug-2022 02:47
You can also capture the traffic on the F5 using the tcpdump tool to see what causes the issue in the TLS communication.
tcpdump -vi (VLAN) host (client IP) -w /var/tmp/(name).pcap
Then collect the capture file using an SCP tool.
Check this article to know more about tcpdump
The case is: I have 2 virtual servers with different public IPs and the same custom port. The first VS is working fine; the second one is not working and I receive Connection error: ssl_codec_rx:2320: alert(48) received alert.
Note that I'm using the same certificate in both VSs. If I change the pool, the VS works fine, and if I try to access the pool directly it works fine too.
It doesn't matter that some other pool works fine. The SSL error is with this specific server.
Note that the error is "alert(48) received alert", which means that an SSL alert packet was received from the far end, most probably from the backend server.
Maybe this server has a specific cipher configured that breaks the SSL Handshake during the establishment.
The point is that you should first find out at which moment of the communication the alert is received and after that analyze what the error could be.
You can also use the openssl command to test that server using SSL in order to diagnose which error it could have.
Everything I'm explaining here is mentioned in the article I provided above. Please take some time to check it out and let us know if it is helpful.
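An added example, not part of any post in this thread: decoding the alert level and description from the TLS alert record in a capture such as the tcpdump one mentioned above, so the number in "alert(48)" can be read as a name. The function names and sample bytes are constructed for illustration; the alert names come from RFC 5246 / RFC 8446.

```python
import struct

# Alert descriptions from RFC 5246 section 7.2 / RFC 8446 section 6 (subset).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 112: "unrecognized_name",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21


def iter_tls_records(stream: bytes):
    """Yield (content_type, version, fragment) for each complete TLS record."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        fragment = stream[offset + 5 : offset + 5 + length]
        if len(fragment) < length:
            break  # truncated capture: stop rather than misparse
        yield ctype, version, fragment
        offset += 5 + length


def decode_alerts(stream: bytes):
    """Return a list of (level, description) for alert records in the stream."""
    alerts = []
    for ctype, _version, fragment in iter_tls_records(stream):
        if ctype != CONTENT_TYPE_ALERT:
            continue
        if len(fragment) != 2:
            # TLS 1.2 alert sent after ChangeCipherSpec: payload is encrypted.
            alerts.append(("encrypted", "encrypted"))
            continue
        level, desc = fragment
        alerts.append((ALERT_LEVELS.get(level, f"level_{level}"),
                       ALERT_DESCRIPTIONS.get(desc, f"alert_{desc}")))
    return alerts


# Constructed sample: an empty ServerHelloDone record, then a fatal alert 48.
SAMPLE = bytes.fromhex("1603030004" "0e000000" "1503030002" "0230")

if __name__ == "__main__":
    for level, description in decode_alerts(SAMPLE):
        print(level, description)
```

The input is the reassembled TCP payload of one direction of the connection, so the direction the record was found in tells you which side sent the alert.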
15-Aug-2022 03:12 - edited 15-Aug-2022 03:12