Forum Discussion
genseek_32178
Nimbostratus
Apr 17, 2012
Monitor showing Down
I have 2 DIPs configured with monitors on port 80 working fine.
But the same monitor on port 443 for the same DIPs is showing as Inactive, Down.
Any ideas... would help here.
genseek
44 Replies
- Hamish
Cirrocumulus
A monitor for port 80 will be configured without security (SSL/TLS). When trying to run the same monitor on port 443, it's then trying to talk plain-text to an encrypted server. So won't work.
You need to create a new monitor (Can use the original port 80 for the parent) with security (SSL/TLS) enabled.
H
- genseek_32178
Nimbostratus
Here are the monitor configs for port 80 (working) and 443 (not working)
Port 80 - Working Monitor
DeviceA ~ b monitor http_80_Pqr_mn list
monitor http_80_Pqr_mn {
defaults from http_default_mn
send "GET /HeartBeat/Heartbeat.html HTTP/1.0\r\n\r\n"
Port 443 - Not Working Monitor
DeviceA b monitor https_443_pqr_mn list
monitor https_443_pqr_mn {
defaults from https_default_mn
send "GET /HeartBeat/Heartbeat.html HTTP/1.0\r\n\r\n"
Do you see any difference? What is missing?
- nitass
Employee
have you tried the send string with openssl s_client against https pool member? did it work?
by the way, what bigip version are you running?
- genseek_32178
Nimbostratus
nitass,
version is BIG-IP Version 10.2.1 496.43
I did not quite understand - have you tried the send string with openssl s_client against https pool member? did it work?
Can you elaborate with example on the new configuration?
- nitass
Employee
e.g.
testing HTTPS with openssl
http://blog.yimingliu.com/2008/02/04/testing-https-with-openssl/
- genseek_32178
Nimbostratus
Is there any other reason you can see or have come across, why the monitor with same pool members is working on port 80 and not working on port 443?
Port 80 and 443 are responding from F5 on the pool members.
- genseek_32178
Nimbostratus
any ideas nitass?
- hoolio
Cirrostratus
Do you see the HTTPS web service logging anything for the requests?
Do you have a receive string configured on the monitor?
As Nitass suggested, can you use 'openssl s_client -connect 1.1.1.1:443' and then type in the HTTP request to generate a similar request as the monitor send string? Instead of typing out the \r\n's, just hit enter.
Aaron
- genseek_32178
Nimbostratus
thanks for the response Aaron,
1. Do you see the HTTPS web service logging anything for the requests? - Did not see this, but from F5 using tcpdump I can see response coming on port 443 from both the DIPs
2. The monitor status for https for the 2 DIPs shows as Inactive, Down. - Is it necessary that DIPs gateway should be F5 for monitor to work?
If the gwy is upstream router, will the monitor fail?
3. There is no receive string configured on the monitor. - Is the receive string mandatory to be defined?
4. Can you use "openssl s_client -connect 1.1.1.1:443" - you mean execute this cmd from the F5 prompt?
And for sending request, are you suggesting I use only "GET /HeartBeat/Heartbeat.htm" and NOT the part "HTTP/1.0\r\n\r\n"?
Plz confirm.
- Hamish
Cirrocumulus
Going back to the obvious bits... What happens when you try to do the same query with curl from the ltm command line (Bash shell)?
curl -kv https://Heartbeat/Heartbeat.htm
H
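The manual check suggested in the replies above (sending the monitor's send string to a pool member in plain text and over TLS and looking at what comes back), as an added Python example that is not part of the original thread and is not F5's monitor code. `probe`, its status names and the placeholder address are this example's own, and a `recv` of `None` accepting any response is a choice made here.

```python
import socket
import ssl

# Send string copied from the monitor configs posted in this thread.
SEND = b"GET /HeartBeat/Heartbeat.html HTTP/1.0\r\n\r\n"


def probe(host, port, use_tls, send=SEND, recv=None, timeout=5.0):
    """Monitor-style check. Returns (status, detail); status is one of
    up, no_match, no_response, tls_expected, tls_error, connect_error."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "connect_error", str(exc)
    data = b""
    try:
        if use_tls:
            # Certificate checks off, as with `curl -k`; target is a pool member IP.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock)
        sock.sendall(send)
        while len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    except ssl.SSLError as exc:
        return "tls_error", str(exc)
    except OSError as exc:
        if not data:
            return "connect_error", str(exc)
    finally:
        sock.close()
    if not data:
        return "no_response", "peer closed without sending anything"
    if not use_tls and data[:1] in (b"\x15", b"\x16") and data[1:2] == b"\x03":
        return "tls_expected", "TLS record came back to a plain-text request"
    first_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    if recv is not None and recv not in data:
        return "no_match", first_line
    return "up", first_line


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder (documentation range); use a pool member IP.
    for tls in (False, True):
        print("tls" if tls else "plain", probe("192.0.2.10", 443, tls))
```

A `tls_expected` or `no_response` result from the plain probe together with `up` from the TLS probe points at the monitor type rather than at the pool member.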