- Troubleshooting general proxy availability and intermittent connectivity or backend application slowness related issues.
- Silverline DDoS
- Silverline WAF
Here's how to troubleshoot what the issue is, so that you can find the solution:
- Using the portal, check Proxy Health Monitoring
- Check if you are able to connect to the backend directly, bypassing Silverline proxy. Adding an entry to the host file can help to bypass WAF, for instructions refer to How To Test The Silverline Proxy Using 'Hosts' File On Windows PC
- For WAF proxies, check recent violation logs for recently blocked requests.
- For Proxies that have any iRule applied to it, check iRule stats for any blocks or other events that might be causing the issue.
- Changes in DNS configuration or SSL management may sometimes cause the host not to resolve to correct IP or errors in the SSL handshake. Following tools can be used to check the connectivity and SSL handshake:
- For Windows user you can use nslookup to check what IP the host resolve to:
- nslookup <host_name>
- *nix users can use dig
- dig <host_name>
- On *nix systems one can use tools such as wget or curl to check the connectivity with the destination host using bash. For the use and syntax please refer to online documentation
- For SSL related issue 'openssl s_client -connect' can be used
- example: openssl s_client -connect <example.com>:<SSL port number>. If there are no errors, it's a good indication that the TLS communication layer works as expected. If you encounter any errors, get a copy of the output for analysis.
- Check portal proxy and/or SSL stats for any abnormalities
- If the cause of the error can be determined and points back to setting in the SSL configuration, please use the following guide for details on configuration options available in the Silverline portal. Note that some of these settings can be amended by the SOC only.
For any Issues related to slowness/performance degradation, check and modify proxy advanced settings.
If you require assistance from the F5 Silverline SOC, collect the following data before opening a ticket. This will help our analysts to perform initial investigation of the symptoms you encounter. Then open a ticket.
- Name of the proxy and request URI
- Public source IP address of the tester
- If the issue can be reproduced using the browser, collect HAR file. -- See How to Generate HAR Files
- Outputs of curl, wget or openssl
- Packet capture if available
- Detailed description of the problem