Symptoms
SSL Orchestrator sends reset to the client when an initial ingress data arrives 5 seconds after tcp connection establishment. Reset cause is "cl side error (No error)".
Impact
SSL Orchestrator/BIG-IP rejects the client connection.
Conditions
-- SSL Orchestrator is licensed and provisioned.
-- Per-request policy is attached to virtual server.
Workaround
Modify 'tmm.access.prp_global_timeout' sys db value from default 5 seconds to some appropriate value like 30 or 60 seconds.
Example:
Following command sets this sys db variable value to 60 seconds.
#tmsh modify sys db tmm.access.prp_global_timeout value 60
Fix Information
SSLo no longer rejects the client's connection if an initial ingress data arrives 5 seconds after tcp connection establishment and per-request policy execution has finished.
