The Firewall On Our Load Balancer Is Blocking Good And Bad Requests On Convergence 2 And 3 (Doc ID 2218691.1)

Last updated on DECEMBER 31, 2016

Applies to:

Oracle Communications Convergence - Version 2.0 and later
Information in this document applies to any platform.

Symptoms

The Firewall on our Load Balancer A10 is blocking good and bad requests on Convergence 2 and 3.

We are working on an upgrade to replace Convergence 2 with Convergence 3.  In our new architecture we moved all functionality to GlassFish server and for redirection and balancing, we use a Load Balancer A10.  For security reasons, we want to activate WAF (Web Application Firewall) on the A10 but the firewall is blocking both good and bad requests towards Convergence.
We use the following Load Balancer in our testing:
------------------------------------
Load Balancer A10 Networks
Model: TH4430S
ACOS: 64-bit version 2.7.2-P8, build 164
Firmware : 5.6

The version of Convergence 3 is 3.0.1.3.0.

The requests are blocked on both test environments for Convergence 2 and Convergence 3.

The WAF logs show errors of the following:

Mail access:

On the Convergence side, when a user tries to send an email, they get a popup that reads:

   Unable to load https://FQHN/iwc/svc/wmap/msg.mjs?rev=3&sid=
   status:0

When a user tries to access calendar, they get a popup that reads:

   Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://FQHN/iwc/svc/wcap/get_calprops.wcap'

If we disable the WAF, everything works as expected.

Changes

Activated WAF on the A10 firewall.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms