Monday, June 29, 2020

F5 Big-IP SSL Handshake Failure

We have a publicly facing VIP on our F5 that does SSL offloading to a group of servers listening on port 80. The servers are accepting traffic that is offloaded from 443 to 80, and you can browse to the web page without issue, but when you try to export some data from the site, it does not work. If we bypass the F5 VIP and go directly to the server on port 80, we can export the data without issue.

The config for the offload is extremely basic, with the VIP listening on 443, server pool listening on 80, the certificate is verified as working, persistence is set to src_addr, and there are no iRules.

The logs show "SSL Handshake failed for TCP 1.1.1.1%1:port -> 2.2.2.2%1:443" even though everything on the web page works except the export button.

We are at a loss and have rebuilt the pool/VIP using F5 documentation guidelines for this basic setup.


