SID89
May 30, 2024

HTTPS health monitor with binary values

We have security appliances behind F5 as pool members. These require probing with binary strings. We have configured a "TCP" health monitor with send/receive strings as binary values in BIG-IP syntax, as mentioned in article K01524704.

This TCP monitor is working as expected. However, the new requirement is to set up mTLS between F5 and the pool members. I have installed a server-side certificate, and the same has been installed on the pool member servers (with the mTLS feature enabled on the pool member servers). The same TCP binary health monitor is making the pool members go down; however, it is working with the default TCP monitor (only a TCP handshake to check port status). I have tried using an HTTPS health monitor with the same binary values in the send/receive strings and a server SSL profile in the monitor's advanced settings, but it didn't work. Any advice would be appreciated.

 

  • SID89

    Hi Enes_Afsin_Al, thank you for looking into this. We have a Thales HSM device behind F5, and it doesn't support GET or POST methods for probing. As I mentioned, the same binary string values (type TCP monitor) are working fine; however, they don't work when used with a type HTTPS monitor with an SSL profile (as a client certificate serving pool members). When health monitor logging is enabled on the HTTPS monitor, it fails to complete the SSL handshake.