Forum Discussion

Nimbostratus

Dec 01, 2023

Troubeshooting website connection

We are using BIG-IP with LTM and SSLO to inspect web application traffic. What are good troubleshooting techniques to go through the device when a website doesn't establish connection? We would want to eliminate the F5 from being the cause and attempt to narrow down where the traffic is getting broken if possible.

application delivery

Lucas_Thompson
Dec 01, 2023
By "these modules", I'm assuming you mean "the SSL Orchestrator module". We do have a deployment guide over here that is very comprehensive:

https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/

Reading the deployment guide will give you a good understanding of how the SSL Orchestrator module works and how to set it up.

SWG and SSLO essentially use the same architecture but the setup is somewhat different, as you've no doubt found. We generally recommend using SSLO to perform the setup, then using "SWG as a Service" to perform custom authentication, auditing, or authorization logic as needed. That is covered here:

https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter3/page3.06.html

zamroni777
Nacreous
Dec 04, 2023
usually i use tcpdump to analysze the ssl and http layer.
for encrypted traffic, add --f5 ssl option:
https://my.f5.com/manage/s/article/K31793632
- tstott707
  Nimbostratus
  Dec 04, 2023
  Thanks Zamroni777. Will add this to the troubleshooting steps as well
Lucas_Thompson
Employee
Dec 01, 2023
Network troubleshooting is usually easiest when you break down the problem into layers. We do have a troubleshooting guide for SSL Orchestrator over here:

https://clouddocs.f5.com/sslo-troubleshooting-guide/troubleshooting.html#data-plane

That link has a flowchart. Each item on the flowchart has information about how it works and what evidence to get to prove that it's working. You should probably start reading in that area to get an understanding of what approaches might be best for your environment.
- tstott707
  Nimbostratus
  Dec 01, 2023
  Thank you for the attachment and explanation. We deployed the SSLO and rarely have to make the changes with that module when websites have issues. We do run LTM using iRules and Data Group along with SWG and website bypassing when needed. Is there another article that walks through a checklist when you are implementing these modules in the environment.
  - Lucas_Thompson
    Employee
    Dec 01, 2023
    By "these modules", I'm assuming you mean "the SSL Orchestrator module". We do have a deployment guide over here that is very comprehensive:
    
    https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/
    
    Reading the deployment guide will give you a good understanding of how the SSL Orchestrator module works and how to set it up.
    
    SWG and SSLO essentially use the same architecture but the setup is somewhat different, as you've no doubt found. We generally recommend using SSLO to perform the setup, then using "SWG as a Service" to perform custom authentication, auditing, or authorization logic as needed. That is covered here:
    
    https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter3/page3.06.html

Forum Discussion

Troubeshooting website connection

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Fake website, Gmail guideline, GPS spoofing, OWASP LLM, Jan 1st–5th F5SIRT This Week in Security

F5 Websites Accessibility Survey

DevCentral Connects hosts Capture the Flag!

Release Notes: DevCentral Website

F5 Website Accessibility Survey

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS