debugging
3 TopicsUnable to generate PMS Key to decrypt SSL Traffic in Wireshark.
Hello Folks, Recently I was troubleshooting an issue, where SSL Offloading was configured on F5. I wanted to wrap off the TLS in order to analyze HTTP traffic. While generate the PMS key, I found following error on F5 CLI. Problem loading private key ERROR: Couldn't create network handler Customer has 2 pair of F5 appliances, and both are showing the same error message while generating PMS. Any clue? Cheers! Darshan443Views0likes3Commentshow to get client-side debug output from Network Access Plugin?
I've been using the F5NAP as a client for ~2 years, after getting it setup on 64-bit linux, to run SSH sessions on a research compute cluster. However now I must make the F5VPN run through a jumpbox, which is not currently working: I can login to the remote access site from the F5NAPed firefox, and start the F5VPN, at which point I immediately lose all DNS. I'm guessing The F5VPN is trying to push to my client a reference to a DNS server inside the firewall. I know from past experience that important hostnames (of, e.g., cluster login nodes) are only visible from the LAN or VPN. This failure is whacking DNS on my client, because I observe the following repeatable sequence: 1. Start F5NAPed firefox on client (laptop, which remains 64-bit linux). Test nslookup www.google.com from a console/terminal: succeeds. Login to remote-access site with F5NAPed firefox. Test nslookup www.google.com : succeeds. Use remote-access site's web UI to start F5VPN. Test nslookup www.google.com : fails with ;; connection timed out; no servers could be reached Use remote-access site's web UI to exit F5VPN (but leaving F5NAPed firefox up and logged-in to remote-access site). Test nslookup www.google.com : succeeds. The DNS push from the F5VPN is failing due to a routing problem, since the F5VPN worked before the imposition of the jumpbox tunnel. However I see no way to debug this, since the F5VPN is implemented with a browser plugin. Is there some way to get status/debug output (e.g., stdout, stderr messages) from the F5NAP on linux, the way one could if running a console-based solution? E.g., Can one make the F5NAP log to a file? Can one make the F5NAP log to the console from which one runs the F5NAPed firefox? Is there a recommended tool for observing relevant messages or other information from within firefox-3.x?364Views0likes2CommentsWhat are good or bad uses of irule Procs
I want to provide global debugging control over irules I have deployed so that I can target the logging of debug information for specific events, hosts, uri, vs, pool, etc, across these irules. I plan to use a proc that will log a message to the LTM log if the current set of debug targets are met. The targets will be set as static variables. This proc will be called multiple times in a variety of irules I have written to log debug information. I am concerned that using a Proc will introduce a performance issue. Please advise287Views0likes1Comment