Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,I had the below config in place so TCP 443 traffic terminated on 20.20.20.20 and unencrypted traffic was sent onto backend servers via a content rule setup to listen on TCP 80 for IP address 10.10.10.10.ssl-server 190 ssl-server 190 rsakey mys...
Hi,If i set the timeout multiplier to be 3 on a content rule so it's 48 seconds, why when i look at the 'flow-agent show fcb' information does it give me the correct inactiveTimout but then allocate a 'New FCB time' of 120 which overrides my configur...
Hi,I have a CSS 11503 with a basic content rule for TCP 10000 going to a few backend servers. I was looking into the default timeout values for flows and when testing using telnet the flow didn't terminate as expected?For example, i have no 'timeout ...
Hi,I have an IPS running inline VLAN pair mode that bridges 2 x VLANs into 1 x L2 broadcast domain allowing servers in one VLAN and gateway in another to connect to each other while forcing traffic via the IPS for screening etc.. This operates over a...
HiI'm not sure if my terminology is correct when using hairpinning but i was wondering if there is any special config needed when you try to access a content rule VIP from a server that's configured as a member of a source group on the same CSS?So sa...
Many thanks for your reply Daniel. That makes perfect sense, I just wish that this 120 second window before configured timeouts become active was documented somewhere. If it is, could you point me to the illusive document please? Is this configurable...
Thanks for the link Jorge, but I've read that document before and i understand what the FCBs are but it doesn't help explain why when i explicitly configure a timeout of 48 seconds, the CSS overrides my configured timeout with this 'New FCB time' of ...
Hi Bob,Yes i tried the 2004 ICMP Reply and the ICMP Request as well as creating me own Sig which just blocked all ICMP. I changed the prioty to HIGH so it showed up in the logs more clear and i set various actions in an attempt to make it block but a...
sadly you can't use L5/url rules to dictate which certificate is used so I had to just use a differnt port other than 443 for each additional ssl policy i wanted on the same vip.In my case i just used 444 and told the web dev team to link there since...
ahhh forgot about that, thanks Daniel.My reason for trying this is to try and use one public IP for multiple SSL enabled backend servers without having to ask the dev's to change their code to use a differnt port.I know that in the ssl proxy lists yo...
