'Waiting for TLS handshake' randomly, constantly since Monday

dbeato

@momurda Enable Sticky as below

https://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/nat/server_load_balancing_config_c.html

JaredBusch

@momurda said in 'Waiting for TLS handshake' randomly, constantly since Monday:

In the Watchguard, there is no User Source and Desination IP Address Binding option. There is a Sticky Connections option.
So i think in WG my best option is to force all connections to use CLink at the Policy level. Whats interesting about this setup you can do this for any firewall policy, regardless of your MultiWan settings. I havent enabled this, but it would look like below(this is a snip that i setup but didnt apply to WG):

It depends on what you want. Your stated goal was load balancing. The watchguard can do it if you set it up properly. You did not do it properly and had problems. This is not a surprise.

But that does not mean to then not use load balancing at all.

It mean go back and RTFM and set it up properly.

Conveniently, you do not even have to RTFM because @dbeato has posted the instructions for you.

momurda

@jaredbusch said in 'Waiting for TLS handshake' randomly, constantly since Monday:

.

Ive already set sticky connections in the Global MultiWan.
The override option for this policy cant be enabled.

dbeato

@momurda But did you increase the default timeout from 3 minutes to let's say 10 minutes or so?

momurda

@dbeato Yes, 10 minutes actually, some time this morning.