-- Exhibit --
Refer to the exhibit.
Which profile could be removed or changed on this virtual server to reduce CPU load on the LTM device without increasing server side bandwidth usage?
-- Exhibit --
Refer to the exhibit.
A pair of LTM devices are deployed in a high-availability (HA) pair as the diagram shows. After inserting a new rule on the firewalls, the LTM devices become Standby. The rule drops all outbound sessions to the Internet. Only inbound connections are allowed from the Internet. There are no other changes to the environment.
What triggered the LTM device failover?
-- Exhibit --
Refer to the exhibit.
An LTM Specialist is reviewing the 'test' partition.
Which objects, in order, can be removed from the partition?
An LTM Specialist sees these entries in /var/log/ltm:
Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: 172.16.20.1:443
Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: 172.16.20.1:443
Assume 172.16.20.0/24 is attached to the VLAN "internal."
What should the LTM Specialist use to troubleshoot this issue?
The following decoded TCPDump capture shows the trace of a failing health monitor.
00:00:13.245104 IP 10.29.29.60.51947 > 10.0.0.12.http: P 1:59(58) ack 1 win 46
0x0000: 4500 006e 3b19 4000 4006 ce0c 0a1d 1d3c E..n;.@.@......<
0x0010: 0a00 000c caeb 0050 8be5 aca3 dd65 e3e1 .......P.....e..
0x0020: 8018 002e 1b41 0000 0101 080a 94b3 5b5c .....A........[\
0x0030: 0e30 90ad 4745 5420 2f74 6573 745f 7061 .0..GET./test_pa
0x0040: 6765 2e68 746d 6c20 4854 5450 312e 310d ge.html.HTTP1.1.
0x0050: 0a48 6f73 743a 200d 0a43 6f6e 6e65 6374 .Host:...Connect
0x0060: 696f 6e3a 2043 6c6f 7365 0d0a 0d0a 0105 ion:.Close......
0x0070: 0100 0003 00 .....
00:00:13.245284 IP 10.0.0.12.http > 10.29.29.60.51947: . ack 59 win 362
0x0000 0ffd 0800 4500 00c9 6f68 4000 8006 755d ....E...oh@...u]
0x0010 0a29 0015 0a29 0103 0050 e0d6 4929 90eb .)...)...P..I)..
0x0020 6f12 d83c 8019 fab3 9b31 0000 0101 080a o..<.....1......
0x0030 0068 4e10 5240 6150 4854 5450 2f31 2e31 .hN.R@aPHTTP/1.1
0x0040 2034 3030 2042 6164 2052 6571 7565 7374 .400.Bad.Request
0x0050 0d0a 436f 6e74 656e 742d 5479 7065 3a20 ..Content-Type:.
0x0060 7465 7874 2f68 746d 6c0d 0a44 6174 653a text/html..Date:
0x0070 2054 6875 2c20 3231 204a 616e 2032 3031 .Mon,.01.Jan.201
0x0080 3020 3138 3a35 383a 3537 2047 4d54 0d0a 2.00:00:01.GMT..
0x0090 436f 6e6e 6563 7469 6f6e 3a20 636c 6f73 Connection:.clos
0x00a0 650d 0a43 6f6e 7465 6e74 2d4c 656e 6774 e..Content-Lengt
0x00b0 683a 2032 300d 0a0d 0a3c 6831 3e42 6164 h:.20....<h1>Bad
0x00c0 2052 6571 7565 7374 3c2f 6831 3e .Request</h1>
The health monitor is sending the string shown in the capture; however, the server response is NOT as expected. The correct response should be an HTML page including the string 'SERVER IS UP'.
What is the issue?
The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.
The virtual server is configured with the default OneConnect profile.
The ACL is defined on the web server as:
Permit: 192.168.136.0/24
Deny: 192.168.116.0/24
The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.
Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:
Clientside:
09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192
09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4380
09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425
09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678
Serverside:
09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380
09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840
09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380
09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380
09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108
Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:
Clientside:
09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192
09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack 3320618939 win 4380
09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425
09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678
Serverside:
09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904
09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142
Why was the second client flow permitted by the web server?
An LTM Specialist is troubleshooting a problem on an eCommerce website. The user browses the online store using port 80, adding items to the shopping cart. The user then clicks the "Checkout" button on the site, which redirects the user to port 443 for the checkout process. Suddenly, the user's shopping cart is shown as empty. The shopping cart data is stored in memory on the server, and the default source address persistence profile is used on both virtual servers.
How should the LTM Specialist resolve this issue?
-- Exhibit --
Refer to the exhibit.
Users receive an error when attempting to connect to the website https://website.com. The website has a DNS record of 195.56.67.90. The upstream ISP has confirmed that there is nothing wrong with the routing between the user and the LTM device.
The following tcpdump outputs have been captured:
External Vlan, filtered on IP 168.210.232.5
00:25:07.598519 IP 168.210.232.5.33159 > 195.56.67.90.https: S 1920647964:1920647964(0) win 8192
00:25:07.598537 IP 195.56.67.90.https > 168.210.232.5.33159: S 2690691360:2690691360(0) ack 1920647965 win 4350
00:25:07.598851 IP 168.210.232.5.33160 > 195.56.67.90.https: S 2763858764:2763858764(0) win 8192
00:25:07.598858 IP 195.56.67.90.https > 168.210.232.5.33160: S 1905576176:1905576176(0) ack 2763858765 win 4350
Internal Vlan, filtered on IP 168.210.232.5
00:31:46.171124 IP 168.210.232.5.33202 > 192.168.100.20.http: S 2389057240:2389057240(0) win 4380
What is the problem?
-- Exhibit --
Refer to the exhibit.
An LTM Specialist is troubleshooting a new HTTP monitor on a pool. The pool member is functioning correctly when accessed directly through a browser. However, the monitor is marking the member as down. The LTM Specialist captures the monitor traffic via tcpdump.
What is the issue?
-- Exhibit --
Refer to the exhibit.
The virtual server is listening on port 443.
What is the solution to the problem?