Forum Discussion

Dicky_Moe_13167
Mar 26, 2015

TCP monitor vs TCP Half Open

Hi Guys!

Got a question for you ... I have a pool of Citrix Gateways, configured with the default TCP monitor. This is causing the gateways to log an error of this sort "SSL three way handshake error" every 5 seconds, apparently because the TCP monitor doesn't close the connection.

I changed the monitor in our dev environment to TCP Half Open, which, according to what I've read, sends a RESET after receiving the ACK/SYNC from the pool member, so the connection is closed properly.

My question is (before I put this in production): Does the TCP monitor catch something that the Half Open doesn't and which could interest me?

Thanks, Fabian

2 Replies

  • You are most likely getting the SSL failure because with a TCP monitor you complete a full three-way handshake. Since you are using a TCP monitor against an SSL interface, it then tries to initiate the SSL handshake and fails. TCP Half-Open doesn't complete the three-way handshake since it sends a RST instead of an ACK, so it never attempts the SSL handshake. So, in short, the TCP vs Half-open will only give you the knowledge that a full TCP handshake can occur vs it responding on the port.
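
The listener-side view of the full TCP check discussed in this thread, as an added example that is not part of the original posts and is not F5 or Citrix code: a constructed local TLS listener receives a probe that completes the TCP handshake, sends no TLS data, and closes. The function names `probe_full_tcp` and `tls_listener_sees` are hypothetical, and the half-open check is not reproduced because it needs raw sockets.

```python
import socket
import ssl
import threading


def probe_full_tcp(host, port):
    """Mimic a plain TCP health check: finish the three-way handshake,
    send no application data (so no TLS ClientHello), then close."""
    with socket.create_connection((host, port), timeout=2):
        pass


def tls_listener_sees(probe):
    """Run `probe` against a constructed loopback TLS listener and
    return what the listener recorded for that connection."""
    # No certificate is loaded: the probe never sends a ClientHello,
    # so the handshake ends before any certificate would be used.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    lsock = socket.create_server(("127.0.0.1", 0))  # ephemeral port
    port = lsock.getsockname()[1]
    result = {}

    def serve():
        conn, _ = lsock.accept()  # TCP handshake already completed here
        conn.settimeout(2)
        try:
            # The listener now waits for a ClientHello that never arrives.
            with ctx.wrap_socket(conn, server_side=True):
                result["outcome"] = "handshake ok"
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            result["outcome"] = f"handshake error: {type(exc).__name__}"
        finally:
            conn.close()

    worker = threading.Thread(target=serve)
    worker.start()
    probe("127.0.0.1", port)
    worker.join(5)
    lsock.close()
    return result.get("outcome")


if __name__ == "__main__":
    # Each run of a full TCP check produces one such error on the listener.
    print(tls_listener_sees(probe_full_tcp))
```

A half-open check never reaches `accept()` on the listener, which is why it produces no handshake error and also proves nothing beyond the port answering.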