Troubleshoot: How to view user remote access session
1) login to F5 device
2) access menu > overview > access reports
3) Choose a time frame the user attempted login
4) Click the sessionID of the attempted login
5) read the raw log to see why teh session failed, in this case, MFA didnt pass
Large Packet Offloading
This has not been an issue since 2020, but incase any devices show signs of remote access slowness for everyone, large packet offload may be a culprit.
offload = breaking packets into smaller chunks for traffic processing, this hinders remote access alot because RDP/VPNs love complete whole packets to have a smooth experience.
how to check offloading is disabled:
1) Login to the problem f5 device as root via SSH
2) Run command: ifconfig -a to get the name of the NIC, ex: VLAN226
3) to disable/enable:
list sys db tm.tcpsegmentationoffload
sys db tm.tcpsegmentationoffload disable
tmsh modify sys db tm.tcpsegmentationoffload value disable
tmsh modify sys db tm.tcpsegmentationoffload value enable
list sys db tm.tcplargereceiveoffload
tmsh modify sys db tm.tcplargereceiveoffload value disable
tmsh modify sys db tm.tcplargereceiveoffload value enable
ethtool -K eth1 rx off
ethtool -K eth1 lro off
ethtool -K eth1 gro off
ethtool -K eth1 tso off
ethtool -K eth2 rx off
ethtool -K eth2 lro off
ethtool -K eth2 gro off
ethtool -K eth2 tso off
ethtool -K VLAN226 gro off
ethtool -K VLAN_DMZ gro off
ethtool -K vlan_226 gro off
Reboot.