Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

SSL offloading on a non-ssl VS

I'd like to set up a virtual server which listens on non-ssl port but the pool members needs to be ssl. Here's the flow, F5 Virtual Server (80) -- Pool (443) and the response should be sent back to 80 to Virtual server. How should I achieve this ? iRule or through SSL profiles ? enabling server ssl and client ssl to empty? will it do it ?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Did you configure HTTPS custom monitor(Send/Receive String) on pool and rest configuration will be same for HTTP VIP but don't forget to apply server side ssl profile.

Image Text

FYI, For troubleshooting you can apply insecure-serverssl profile to HTTP VIP and check the connectivity and do the fine tuning.

Let us know if any question.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

The answer is in the question!!!

If the virtual server have a serverssl profile without clientssl, it will have the expected behavior!

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Susheel,

LTM operates always in a full-proxy mode, where the client side connection and server side connection is completely separated.

You can configure the client side connection on whatever port you need (via VS setting) and with or without SSL encryption (via Client-side SSL Profile settings) and combine it with a server side connections on whatever port you need (via Pool Members) with or without SSL encryption (via Server-side SSL Profile). Sky is just the limit in this case...

You will only need to deploy an iRule/LTM Policy if your scenario requires to selectively switch between Server-Side-SSL or Server-Side-Plaintext on the same VS.

Cheers, Kai

0