Idea Details

F5 TLS connection stats in PM

Last activity 03-08-2018 10:54 AM
Josh Bovee's profile image
12-12-2016 04:49 PM

The vendor certification for F5 Big IP Client Side SSL Profiles currently has metrics defined for SSL v2, SSL v3 and TLS v1 connections.  Now that SSL v2 and v3 have been pretty much eliminated in the wild, it would be much more useful if the vendor family (and the Client SSL Profile Page views) contained the metrics for TLS v1.0, TLS v1.1 and TLS v1.2 connections instead.  The OIDs are defined in the F5-BIGIP-LOCAL-MIB.mib file as 1.3.6.1.4.1.3375.2.2.6.2.2.3.1.34 for v1.0, 1.3.6.1.4.1.3375.2.2.6.2.2.3.1.57 for v1.1 and 1.3.6.1.4.1.3375.2.2.6.2.2.3.1.58 for v1.2.  I'm aware that support could be done via custom vendor cert, but due to the nature of today's SSL needs it is something that the customer base at large could benefit from.  Please add it in to the roadmap for PM.  Thanks.


Comments

03-08-2018 10:54 AM

I actually did request it as an on-demand certification and it was delivered.  I just forgot to do a followup here.  Thanks for reviewing it though!

03-08-2018 10:47 AM

I just reviewed this and will send this to our certification team - in the future if you would like a change to certifications feel free to open a support ticket and treat this like a certification request - you can even request as an on-demand certification.

06-13-2017 04:41 PM

So I actually got this working in our environment.  Added TLS 1.1 and 1.2 along with DTLS metric collection/reporting, but is there a plan to add this in to the factory metric profiles?  It'd be very useful for everyone monitoring F5 devices.

03-01-2017 08:32 AM

This question just came up again with some of my users yesterday.  Any thoughts/progress on the idea?