cancel
Showing results for 
Search instead for 
Did you mean: 

Logging IMAPS payload with SSL::collect doesn't work, any solution?

Vinne73
Cirrus
Cirrus

Hi,

 

We have a Big-IP 13.x acting as an IMAPS SSL-offloading front-end for our IMAP backend servers. The problem is the backends don't see the real source IP. I want to log the client IP and imap login username on the Big-IP. Therefore I will have to search the decrypted payload, which is normally no problem. However, when I use SSL::collect my connection stalls.

 

This seems to be the cause of my problem: https://support.f5.com/csp/article/K12646

 

Basically, when I start collecting, the serverside connection is not created until the client sends something. But the client is waiting on the server to start the conversation.

 

Has anybody been able to work around this? Or simply put: has anybody been able to log imaps logins?

 

Kind regards

Vincent

 

 

1 REPLY 1

Simon_Blakely
F5 Employee
F5 Employee

K12646 does not list v13.x in the applies to ...

 

What is your irule?