IBM Support

SSL handshake failure causes high CPU and network error

Troubleshooting


Problem

When DataPower is an SSL client that is configured for mutual authentication, and it sends a certificate that is not trusted by the SSL server, an increase in CPU can occur and network errors can flood the system log.

Symptom

The following message could be produced repeatedly in the system log:

Wed Apr 07 2010 08:36:09 [mpgw][error] mpgw(test): tid(2899): Network Error on Back interface

As a result of the errors being logged repeatedly, a temporary increase in CPU can occur.
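To confirm that a service is in this state rather than logging an occasional back-side error, the repeated message can be counted per service over a sliding window. The following is an added example, not IBM code: the line layout is assumed from the single sample message above, and the 60-second window, the threshold of 5, and the `mpgw(orders)` service name are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line layout assumed from the one sample message in this technote.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \[[^\]]+\]\[(?P<level>[^\]]+)\] "
    r"(?P<svc>[\w-]+\([^)]*\)): tid\(\d+\): (?P<msg>.*)$"
)
TARGET = "network error on back interface"


def parse(line):
    """Return (timestamp, service, message), or None if the line has another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], "%a %b %d %Y %H:%M:%S"), m["svc"], m["msg"]


def find_floods(lines, window=timedelta(seconds=60), threshold=5):
    """Map each service to the first time it logged `threshold` errors within `window`."""
    recent, floods = defaultdict(deque), {}
    for line in lines:
        rec = parse(line)
        if rec is None or TARGET not in rec[2].lower():
            continue
        ts, service, _ = rec
        q = recent[service]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            floods.setdefault(service, ts)
    return floods


# Constructed sample log: six errors in 10 s for mpgw(test), one for mpgw(orders).
SAMPLE = [
    f"Wed Apr 07 2010 08:36:{s:02d} [mpgw][error] mpgw(test): tid({2899 + s}): "
    "Network Error on Back interface"
    for s in range(9, 21, 2)
] + [
    "Wed Apr 07 2010 08:36:15 [mpgw][error] mpgw(orders): tid(3100): Network Error on Back interface",
    "Wed Apr 07 2010 08:36:16 [mpgw][info] mpgw(test): tid(2950): constructed unrelated line",
]

if __name__ == "__main__":
    for service, ts in find_floods(SAMPLE).items():
        print(f"{service}: flood threshold reached at {ts}")
```

Run it against a log that still receives the error: once a log target suppresses event 0x80e00127, the signal no longer appears in that target's output.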

Cause

When SSL handshake failures occur, SSL negotiation can spin for the duration of the connection, until the "Back Side Timer" expires and the idle connection is abandoned.

In general, DataPower is designed to aggressively pursue completion of the SSL handshake when there are handshake failures or latency in the backend server's handshake responses.

Resolving The Problem

Ensure that the SSL Crypto Profile on the DataPower appliance is configured to send the correct trusted certificate when it is acting as an SSL client for mutual authentication. Also, ensure that the remote SSL server is configured to accept the correct certificate from the DataPower SSL client.

Until the SSL configuration is corrected, a log target can be configured to suppress the 'Network Error on Back interface' messages (error code 0x80e00127) so that they do not flood the log.

Applies to: WebSphere DataPower Integration Appliance XI52, firmware versions 7.5 and 7.2, all editions.

Document Information

Modified date: 21 June 2018

UID: swg21429963