Hi @raji_toor
You now reached a point where it is at least possible, that something on the firewall ist not compatible with the F5. So at this point I would recommend to open a support case and then continue with the following troubleshooting (these logs will also be required in the support case).
Obbiously you need to change the IPs and maybe also the port, depending on your configuration
clear counter global
debug dataplane packet-diag clear all
debug dataplane packet-diag clear log log
debug dataplane packet-diag set filter match source 1.1.1.1 destination 2.2.2.2 destination-port 443 protocol 6
debug dataplane packet-diag set log feature proxy basic
debug dataplane packet-diag set log feature flow basic
debug dataplane packet-diag set log on
debug dataplane packet-diag set capture on
Then you connect to the VIP with decryption enabled and right after that enter the following command. In the output, maybe you already see a specific counter which could lead to the reason of the problem
show counter global filter packet-filter yes
Try to connect a second time and then stop the logging and capture
debug dataplane packet-diag set log off
debug dataplane packet-diag set capture off
Then aggregate the logs. The output of the command will show you the filename that you need to analyze
debug dataplane packet-diag aggregate-logs
Prior to analyze the logfile start now with generating a techsupportfile (for the supportcase)
Maybe for analysis you want to copy the logile away from the firewall to open it in a texteditor but of course you can also view it in cli. About here I don't know what to do exactly, I would scroll through the logs to find something that maybe shows the reason why the TLS handshake fails after the client hello.
... View more