Forum Discussion
What_Lies_Bene1
Nov 12, 2012Cirrostratus
OK, so, assuming it's OK terminating SSL at the F5 I'd recommend;
a) Configure the 443 VS to terminate the SSL and apply a custom Cookie Persistence profile (if the server currently terminates the SSL, some reconfiguration at the server may be required) and OneConnect profile
b) Configure the 8443 VS as a standard VS with a HTTP profile (no SSL profile) and apply the same Cooke Persistence profile and OneConnect profile
c) Use the a custom http monitor to do the health check for each pool (do not specify a port, it'll use the Pool Member port automatically). You could also use tcp_half_open but http is preferable.
If it's possible to use source IP address persistence, that might be more reliable with the 'Match Across Services and Pools' options enabled
You may need to do some tcpdumps on the F5 to better understand the port 8443 traffic?