Forum Discussion
sstafford
Dec 04, 2014Nimbostratus
I think we got it. It appears to be somewhat related to the issues in this old SOL; https://support.f5.com/kb/en-us/solutions/public/11000/600/sol11659
The firewall logs are recording a large number of denies on traffic between the LTMs and the syslog servers that look like this;
Dec 4 14:21:00 152.19.253.108 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 127.1.1.2/5966->172.27.47.21/514 junos-syslog 17(0) DC-UNIVERSAL-DENY(global) F5-Datacenter-DMZ ITS-OS-DMZ-prod UNKNOWN UNKNOWN N/A(N/A) reth0.1641
Nothing like this appears in those logs prior to the upgrade to 11.6.
So, for whatever reason, the ip address the F5 is using to communicate via HSL changed from the floating ip to 127.1.1.2. Any ideas on how to address that?