I am facing issue with SFTP forward proxy virtual server. I have this VS with below details:
Dst Port: 8822
irule --> which redirects the connection to port 22
there are many other SFTP applications running smoothely except one on which Vendor 3Econ.com applied security patch named Serv-U post that our application team is facing issue. I had taken packet captures however there is nothing suspicious about F5. Is any anyone faced such issue after update of Serv-U patch on SSH servers. Below is the links shared by vendor regarding the patch.
Below is a link to the “Release Notes” for ServU 15.3.1 and 15.3.2
Supported Key Exchange, SSH Ciphers and SSH MACs for ServU
Key Exchange (KEX), SSH ciphers and SSH MACs supported in Serv-U (solarwinds.com)
If anyone can help me what I can check, will be really helpful also if needed I can share wireshark captures.
06-Jan-2023 07:56 - edited 06-Jan-2023 07:59
Are you doing SSL interception on your F5 box? If not, I guess captures will show you the SSL handshake and not much more useful data. And also be aware that, if the F5 box is not involved in the SSL transaction, the negotiation is stricly between the client and end server.
Anyway, you mentioned two things that will need further clarification:
1. iRule to redirect traffic to port 22.
Why? Just configure your pool members with port 22. No need for an iRule there, unless I'm not seeing the full picture. [Just re-read it... forward proxy, so no pool, right? Forget this one...]
2. Security patch on the server side.
Did the F5 Virtual Server ever work before that patch was applied?
Didn't quite get it. Do you mean to say that it never worked?
I would suggest that you share the relevant configuration (Virtual Server, iRule, any custom profile if applicable). And maybe try to ssh from your F5 box directly to the end-server to check for connectivity.