Can F5 influence SSL traffic in a wildcard forwarding virtual server(0.0.0.0/0)?
Hi,
I am having a problem now with traffic passing through our F5; basically this F5 mainly serves as a firewall, with a policy enforced on its VS.
This one is a server-to-server communication. So what happens is that when bypassing the F5, the traffic passes successfully. However, when we change the network so it needs to pass through our F5, somehow after the SSL handshake ends the client sends a FIN,ACK.
F5 config is:
    ltm virtual /Common/forward_vs {
        destination /Common/0.0.0.0:0
        fw-enforced-policy /Common/outside
        ip-forward
        mask any
        profiles {
            /Common/ddos_custom { }
            /Common/fastL4_custom { }
        }
        source 0.0.0.0/0
        translate-address disabled
        translate-port disabled
        vlans {
            /Common/vlan_outside
        }
        vlans-enabled
    }
I can see the traffic passing through this VS from the F5 ethernet trailer, and I can also see the SSL handshake passing through the F5 until the client cipher exchange:
Client ------- Client Hello ---------> Dest
Client <----------- Ack -------------- Dest
Client <--Server Hello, Certificate -- Dest
Client <---- Server Key Exchange ----- Dest
Client ----------- Ack --------------> Dest
Client -- Client Key Exchange, Change Cipher Spec, Encrypted Handshake --> Dest
Client <-- Change Cipher Spec, Encrypted Handshake -- Dest
Client --------- Fin, Ack -----------> Dest
This doesn't happen if the traffic doesn't pass through the F5. But I doubt the F5 has something to do with the connection failing, since this is only a wildcard forwarding VS.
Any input will be appreciated. Thanks.
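As an added example (not part of the question and not F5 tooling), a small Python classifier that takes a per-connection list of TLS/TCP events, as one might extract from captures taken on each side of the forwarding VS, and flags the exact pattern shown above: a client FIN right after the server's Change Cipher Spec with no application data exchanged. The event names and the two sample traces are constructed.

```python
# Added example: classify per-connection TLS/TCP event traces to flag the
# pattern from the question (client FIN right after the server's Change
# Cipher Spec, no application data). Event names and traces are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    src: str  # "client" or "server"
    msg: str  # TLS record/handshake type or TCP flag, lower-case

def classify(events: list) -> str:
    """Return a label describing how the connection ended."""
    server_ccs_seen = False   # server sent Change Cipher Spec (+ Finished)
    app_data_seen = False     # any encrypted application data exchanged
    for ev in events:
        if ev.src == "server" and ev.msg == "change_cipher_spec":
            server_ccs_seen = True
        elif ev.msg == "application_data":
            app_data_seen = True
        elif ev.msg == "fin":
            if not server_ccs_seen:
                return "fin_before_handshake_complete"
            if ev.src == "client" and not app_data_seen:
                # Exactly the trace in the question: handshake completes, then
                # the client tears down without sending a single request.
                return "client_fin_after_server_finished"
            return "normal_close"
    return "no_close_seen"

def summarize(flows: dict) -> dict:
    """Map each flow id to its classification, e.g. over a batch of captures."""
    return {fid: classify(evs) for fid, evs in flows.items()}

# Constructed traces. FLOW_VIA_F5 mirrors the sequence shown in the question.
FLOW_VIA_F5 = [
    Event("client", "client_hello"),
    Event("server", "server_hello"), Event("server", "certificate"),
    Event("server", "server_key_exchange"),
    Event("client", "client_key_exchange"), Event("client", "change_cipher_spec"),
    Event("client", "encrypted_handshake"),
    Event("server", "change_cipher_spec"), Event("server", "encrypted_handshake"),
    Event("client", "fin"),
]
# Same handshake, but the client goes on to send a request before closing.
FLOW_DIRECT = FLOW_VIA_F5[:-1] + [
    Event("client", "application_data"), Event("server", "application_data"),
    Event("client", "fin"), Event("server", "fin"),
]
```

Running `summarize({"via_f5": FLOW_VIA_F5, "direct": FLOW_DIRECT})` separates the two traces, which is the first thing to confirm from captures on both VLANs of the F5 before looking at the client's TLS settings.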