Nom_55811
Sep 01, 2009, Nimbostratus
nPath Triggering Router Intrusion Detection
Hi All,
We've recently deployed a pair of BIG-IP 1600s in a redundant configuration in front of our corporate web site. Since then, we've discovered that several customers using Billion (http://au.billion.com/) modems are having the website blocked by the Intrusion Detection built into their router.
The web servers were previously running under a DSR configuration behind a pair of Foundry ServerIrons (very old and unstable), so nPath was the best solution for us in the short term, until we had time to properly design and deploy a separate VLAN for F5-powered hardware.
What the customers are seeing is something like:
Aug 26 18:31:38 home.gateway:firewall:info: 1524.121 Intrusion TCP FIN scan(17)
Last week we created a new Fast L4 profile with the following configuration options changed from the default:
- Idle Timeout: 120 seconds
- Loose Initiation: Off
- Loose Close: On
- TCP Close Timeout: 120 seconds
These changes were based on some old F5 documentation we found that described nPath in more detail. Following these changes, users are now seeing the following error:
Intrusion TCP reset scan(18)
So, it would seem that we've gone from one set of problems to another.
Has anyone else encountered similar problems? Do you have any solution that would rectify this issue?
Thanks in advance.