PJ_72486
Nov 16, 2009Nimbostratus
Protecting SAP Web Dispatcher with F5 ASM
I am working with a customer to insert an F5 ASM in front of their SAP Web Dispatcher. The ASM is terminating SSL via a client SSL profile, and the re-encrypts traffic back to the SAP Web Dispatcher via a generic Server SSL profile. The SAP Web Dispatcher in turn terminates the SSL connection established by the F5 ASM. This is, however, not working. I see the establishment of the TCP connection via TCP/443 for both health monitors and client connections. The client connections get a Reset though right after the handshake completes. In summary: 1) SYN, 2) SYN ACK, 3) ACK 4) Client sends SSL Continuation Data, 5) Web Dispatcher ACKs the packet, 6) Web Dispatcher sends a RST, ACK 7) Error in browser results.
All the documentation regarding SAP and F5 certifications, setup, etc. all indicate that the F5 replaces the SAP Web Dispatcher, and nothing mentions integrating the F5 ASM into the an environment that includes the Web Dispatcher. Has anyone set up an F5 ASM in front of an SAP Web Dispatcher?
Thanks.