I have applied a Port Misuse policy on an HTTPS Virtual Server listening on port 443 to only allow SSL on port 443.
Unfortunately this is dropping the traffic, but I do not know why. When I update the policy to not drop traffic that does not match, the connection works. It should also log traffic that does not match, but I am not seeing anything in the logs.
I am not able to find any example to compare against to understand if there is a configuration mistake.
When I configure the log publisher to send the network Firewall logs and Port misuse logs to /var/log/ltm, I see the firewall logs, but nothing for port-misuse.
I am interested in seeing any of the following:
* A working example
* Links to more detailed documentation for configuring / troubleshooting port misuse
* Steps to understand why "Drop on Service Mismatch" drops the traffic, but "Log on Service Mismatch" is not logging anything
Have you looked under Security > Event Logs > Network > Firewall for the logs? Here is detailed documentation on creating a port misuse policy:
This is the guide that I followed with my initial deployment of the port misuse policy, but unfortunately this did not result in any logs being generated.
Better open a support case, as it seems to be a bug that is still valid in 15.1 from what I tested: HTTPS traffic should be recognized as the SSL service, since the AFM does not do decryption, but for some reason it is blocking HTTPS requests to the web page.