cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

F5 Virtual Server responds to clients with pool member port instead of VS port

jerrysimila
Nimbostratus
Nimbostratus

I have an F5 HA cluster deployed in one-arm mode with SNAT and source port preserve enabled (by default since i used iApp templates). The VS is configured to listen on port 443 with an http to https redirect enabled. Challenge is we have noticed that for pool members listening on different ports other than port 80 eg port 9080, when the traffic is sent to such pool members the response to the client goes with the pool member port thus the web page doesn't load since the firewall permits only ports 80 and 443 for client to F5 VS communication. Expectation was that response to clients should be strictly on port 443.

2 REPLIES 2

Andrew-F5
F5 Employee
F5 Employee

The response should be using port 443 between client and virtual server but may not be if your server is including a port within a redirect or location header, in which case we honor HTTP RFC.

 

Also make sure you have "Port Translation" enabled within the advanced virtual server configuration.

Hi  

I have depoloy many my customer and I have same error with  .

Default Virtual Server advanced " enable default ".

I sometime use irule or customize context path on Web.

Do you known workround for it ?

 

0691T000009i7dKQAQ.png

Thanks all

Hung Hoang