I read that the performance when we use VPN (edge Client) can be improve if the DTLS is activated. Currently, we use only VPN through HTTPS. If I activate DTLS on the VPN profile and after creating a virtual server, how I can check if the tunnel is established with DTLS protocol ?
And currently, our F5 is behind a firewall. I have a rule to allow HTTPS from Internet to the public IP of our F5. I need to had a rule to allow UDP_4433 also between Internet and the F5 ?
In the EdgeClient
Details >> Connection Details
shows whether DTLS is being used.
It is also recorded in the APM logs.
> I need to had a rule to allow UDP_4433 also between Internet and the F5 ?
Thank you for your answer. When the dtls will be activated on the profile and the VS created, is it mandatory to create a new Edge install package and deploy it on the users laptops or the existing client already deployed on user computer will detect automatically the new configuration and based the communication with dtls protocol?
The client picks up the connection information when it connects, so you don't need to update the install package.
Make sure your client-ssl profile supports DTLSv1, as well.
Looks good to me:
# tmm --clientciphers '!SSLv3:!DHE:ECDHE:RSA+HIGH:!3DES' ID SUITE BITS PROT CIPHER MAC KEYX 0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA 1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA 2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA 3: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA 4: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA 5: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA 6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA 7: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA 8: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA 9: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA 10: 52392 ECDHE-RSA-CHACHA20-POLY1305-SHA256 256 TLS1.2 CHACHA20-POLY1305 NULL ECDHE_RSA 11: 157 AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 RSA 12: 53 AES256-SHA 256 TLS1 AES SHA RSA 13: 53 AES256-SHA 256 TLS1.1 AES SHA RSA 14: 53 AES256-SHA 256 TLS1.2 AES SHA RSA 15: 53 AES256-SHA 256 DTLS1 AES SHA RSA 16: 61 AES256-SHA256 256 TLS1.2 AES SHA256 RSA 17: 132 CAMELLIA256-SHA 256 TLS1 CAMELLIA SHA RSA 18: 132 CAMELLIA256-SHA 256 TLS1.1 CAMELLIA SHA RSA 19: 132 CAMELLIA256-SHA 256 TLS1.2 CAMELLIA SHA RSA
shows a DTLSv1 cipher.