genseek_32178
Apr 17, 2012 Nimbostratus
Monitor showing Down
I have 2 DIPs configured with monitors on port 80 working fine.
But the same monitor on port 443 for the same DIPs is showing as Inactive, Down.
Any ideas would help here.
genseek
You need to create a new monitor (you can use the original port 80 one for the parent) with security (SSL/TLS) enabled.
H
Port 80 - Working Monitor
DeviceA ~ b monitor http_80_Pqr_mn list
monitor http_80_Pqr_mn {
   defaults from http_default_mn
   send "GET /HeartBeat/Heartbeat.html HTTP/1.0\r\n\r\n"
}
Port 443 - Not Working Monitor
DeviceA b monitor https_443_pqr_mn list
monitor https_443_pqr_mn {
   defaults from https_default_mn
   send "GET /HeartBeat/Heartbeat.html HTTP/1.0\r\n\r\n"
}
Do you see any difference? What is missing?
By the way, what BIG-IP version are you running?
nitass,
Version is BIG-IP Version 10.2.1 496.43
I did not quite understand - have you tried the send string with openssl s_client against https pool member? Did it work?
Can you elaborate with an example on the new configuration?
testing HTTPS with openssl
http://blog.yimingliu.com/2008/02/04/testing-https-with-openssl/
Port 80 and 443 are responding from F5 on the pool members.
Do you have a receive string configured on the monitor?
As Nitass suggested, can you use 'openssl s_client -connect 1.1.1.1:443' and then type in the HTTP request to generate a similar request as the monitor send string? Instead of typing out the \r\n's, just hit enter.
Aaron
1. Do you see the HTTPS web service logging anything for the requests? - Did not see this, but from F5 using tcpdump I can see response coming on port 443 from both the DIPs.
2. The monitor status for https for the 2 DIPs shows as Inactive, Down. - Is it necessary that DIPs gateway should be F5 for monitor to work?
If the gwy is upstream router, will the monitor fail?
3. There is no receive string configured on the monitor? - Is the receive string mandatory to be defined?
4. Can you use "openssl s_client -connect 1.1.1.1:443" - you mean execute this cmd from the F5 prompt?
And for sending the request, are you suggesting I use only "GET /HeartBeat/Heartbeat.htm" and NOT the part "HTTP/1.0\r\n\r\n"?
Please confirm.
curl -kv https://Heartbeat/Heartbeat.htm
H
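
The manual check suggested in this thread (replaying the monitor's send string through openssl s_client) written as a small shell script. This is an added example, not code posted by any participant; the function names, the MEMBER variable and the wording of the result messages are assumptions.

```shell
#!/bin/sh
# Added example: replay a monitor send string over TLS by hand.
# MEMBER is a placeholder (host:port of one pool member), not a value from the thread's config.

# Turn the literal \r\n escapes of a monitor send string into real CR/LF bytes.
expand_send_string() {
    printf '%b' "$1"
}

# Read a raw HTTP response on stdin and print only the status code of line 1.
# Prints nothing when the first line is not an HTTP status line.
http_status() {
    sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p' | tr -d '\r'
}

# Send the request to a member ($1 = host:port) over TLS, print the status code.
# -quiet hides certificate/session output and keeps the connection open until
# the server closes it, which an HTTP/1.0 server does after its response.
probe_https_member() {
    expand_send_string "$2" |
        openssl s_client -connect "$1" -quiet 2>/dev/null |
        http_status
}

# Human-readable reading of the probe result (interpretation is an assumption).
explain_status() {
    case "$1" in
        '')  echo "no HTTP response over TLS" ;;
        2??) echo "HTTP $1: member answered the request" ;;
        *)   echo "HTTP $1: member answered, but not with success" ;;
    esac
}

# Runs only when MEMBER is set, e.g. MEMBER=1.1.1.1:443 sh probe.sh
if [ -n "${MEMBER:-}" ]; then
    send='GET /HeartBeat/Heartbeat.html HTTP/1.0\r\n\r\n'
    explain_status "$(probe_https_member "$MEMBER" "$send")"
fi
```

An empty result means no HTTP status line came back through the TLS session, which is the case worth comparing against what tcpdump shows on the member side.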