This is usually the setup which is done while working with F5 with Akamai
- Silverline WAF
- Silverline DDoS
- Use OneConnect profile in F5 to listen to HTTP layer instead of TCP.
- F5 should listen to "X-forwarded-for" or "True-client-IP" HTTP headers for session stickiness to work properly. Based on the Akamai configuration you should choose the best option for your specific use case (based on if "true-client-ip" header rule is enabled or not.
- The PCONN/Keep-Alive value should be set to be greater than the one that is on Akamai configuration
- Akamai default value is 300 seconds, therefore origin timeout value should be set to 301 seconds.
- All other appliances such as firewall and web application servers should maintain similar timeout parameters.
- Verify with Akamai if the web application server is sending a TCP close action to F5.
- This should not terminate the TCP connection with Akamai, but only close the relevant HTTP connection.
- TCP session is used for other transactions, as well on Akamai end to your origin / Load Balancer.