Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Port misuse policy dropping traffic

Michael_61068
Altocumulus
Altocumulus

I have applied a Port Misuse policy on a HTTPS Virtual Server listening on port 443 to only allow SSL on port 443.

 

Unfortunately this dropping the traffic, but I do not know why. When I update the policy to not drop traffic that does not match then the connection is working. It should also log traffic that does not match, but I am not seeing anything in the logs.

 

0691T000006ApgbQAC.png

 

I am not able to find any example to compare against to understand if there is a configuration mistake.

 

When I configure the log publisher to send the network Firewall logs and Port misuse logs to /var/log/ltm, I see the firewall logs, but nothing for port-misuse.

 

I am interested in seeing any of the following: * A working example * Links to more detailed documentation for configuring / troubleshooting port-misuse. * Steps to understand why "Drop on Service Mismatch" drops the traffic, but "Log on Service Mismatch" is not logging anything.

 

Many thanks,

 

Michael

 

3 REPLIES 3

Tikka_Nagi_1315
Historic F5 Account

have you looked under Security > Event Logs > Network > Firewall for the logs? Here is detailed documentation on creating port misuse policy:

 

https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implem...

 

HI,

 

This is the guide that I followed with my initial deployment of the port misuse policy, but unfortunately this did not result in any logs being generated.

 

Better open a support case as it seems it is a bug still valid in 15.1 from what I tested as HTTPS traffic should be recognized as SSL service as the AFM does not do decryption but it is blocking for some reason HTTPS requests to the web page.