Port misuse policy dropping traffic

Michael_61068 · ‎26-Apr-2017

I have applied a Port Misuse policy on a HTTPS Virtual Server listening on port 443 to only allow SSL on port 443.

Unfortunately this dropping the traffic, but I do not know why. When I update the policy to not drop traffic that does not match then the connection is working. It should also log traffic that does not match, but I am not seeing anything in the logs.

I am not able to find any example to compare against to understand if there is a configuration mistake.

When I configure the log publisher to send the network Firewall logs and Port misuse logs to /var/log/ltm, I see the firewall logs, but nothing for port-misuse.

I am interested in seeing any of the following: * A working example * Links to more detailed documentation for configuring / troubleshooting port-misuse. * Steps to understand why "Drop on Service Mismatch" drops the traffic, but "Log on Service Mismatch" is not logging anything.

Many thanks,

Michael

Tikka_Nagi_1315 · ‎12-May-2017

have you looked under Security > Event Logs > Network > Firewall for the logs? Here is detailed documentation on creating port misuse policy:

https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implem...

Michael_61068 · ‎17-May-2017

HI,

This is the guide that I followed with my initial deployment of the port misuse policy, but unfortunately this did not result in any logs being generated.

nikolay_dimitrov · ‎22-Jul-2022

Better open a support case as it seems it is a bug still valid in 15.1 from what I tested as HTTPS traffic should be recognized as SSL service as the AFM does not do decryption but it is blocking for some reason HTTPS requests to the web page.

DevCentral

Port misuse policy dropping traffic