Forum Discussion

happynfocus_245
Feb 14, 2016

How does F5 LTM decrypt SSL traffic?

Can someone please explain how F5 LTM decrypts SSL traffic? Is it the same concept as SSL offloading?


My understanding is on the following flow: Browser -> SSL web site abc.com -> F5 -> decrypt SSL traffic -> F5 inspection -> encrypt SSL traffic -> abc.com server


Will F5 LTM decrypt the SSL traffic, perform inspection, and then encrypt it again, or will it remain in plaintext?


Thanks again!!


1 Reply

  • First consider that the BIG-IP (LTM) is a FULL PROXY architecture, which essentially means that it controls and maintains two separate channels, one between it and the client, and one between it and the server. At a minimum this equates to separate TCP connections, but can also mean separate SSL sessions. We typically give different names to the way in which SSL is handled (or not handled) within the LTM:


    SSL offload generally refers to doing SSL on one side of the proxy, usually the client side, and not doing SSL on the other side, usually the server side. In this case you just need the one SSL profile on that side that's terminating (or initiating) the SSL.


    SSL bridging refers to the process of decrypting from the client (via client SSL profile) and re-encrypting to the server (via server SSL profile). And just like offloading, the LTM has access to the clear text application data in the middle.


    SSL tunneling refers to not handling the SSL layer at all, where the LTM has neither client nor server SSL profiles, and cannot access the application layer traffic. Tunneling also has the side effect of making persistence (load balancing affinity) and security controls harder to accomplish as the LTM is blind to the application data.
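The full-proxy split the reply describes, as an added example that is not F5 code and not part of the thread: a Go program in which a browser, a stand-in for the LTM virtual server, and a backend all run in one process. The proxy terminates the client's TLS session itself (the client-ssl profile role), reads the request in the clear, and then either forwards it over plain TCP (SSL offload) or opens its own, separately verified TLS session to the backend (SSL bridging). The hostnames vip.example.test and backend.example.test, the self-signed certificates generated in memory, and the function names are all constructed for this demo. SSL tunneling is not modeled: in that case the proxy would only copy bytes it cannot read.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net"
	"strings"
	"time"
)

// selfSigned makes a throwaway in-memory certificate for cn (constructed test material).
func selfSigned(cn string) (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// backend plays the abc.com server: accept one connection, read a line, answer it.
func backend(ln net.Listener) {
	if conn, err := ln.Accept(); err == nil {
		defer conn.Close()
		line, _ := bufio.NewReader(conn).ReadString('\n')
		io.WriteString(conn, "backend got: "+line)
	}
}

// proxy is the full-proxy hop: its own TLS session with the client, a separate server-side
// connection opened by dial, and the application data in the clear in between.
func proxy(ln net.Listener, cs *tls.Config, dial func() (net.Conn, error), seen chan<- string) error {
	defer close(seen) // lets Run read seen even when the proxy fails early
	raw, err := ln.Accept()
	if err != nil {
		return err
	}
	client := tls.Server(raw, cs) // client-ssl profile: the client's TLS session ends here
	defer client.Close()
	req, err := bufio.NewReader(client).ReadString('\n')
	if err != nil {
		return err
	}
	seen <- req // inspection point: the request is readable (and could be rewritten) here
	up, err := dial() // the second TCP connection; TLS or not depending on the mode
	if err != nil {
		return err
	}
	defer up.Close()
	io.WriteString(up, req)
	resp, err := bufio.NewReader(up).ReadString('\n')
	if err != nil {
		return err
	}
	_, err = io.WriteString(client, resp)
	return err
}

// Run wires browser, proxy and backend together in-process (bridge=false is SSL offload,
// bridge=true is SSL bridging) and returns what the proxy saw in the clear and the browser's reply.
func Run(bridge bool) (string, string, error) {
	vipCert, vipPool := selfSigned("vip.example.test")     // assumed VIP name
	srvCert, srvPool := selfSigned("backend.example.test") // assumed pool-member name
	backendLn, _ := net.Listen("tcp", "127.0.0.1:0")
	proxyLn, _ := net.Listen("tcp", "127.0.0.1:0")
	defer func() { backendLn.Close(); proxyLn.Close() }()
	dial := func() (net.Conn, error) { return net.Dial("tcp", backendLn.Addr().String()) } // offload: plain TCP
	if bridge { // bridging: the server speaks TLS and the proxy verifies it (server-ssl profile)
		backendLn = tls.NewListener(backendLn, &tls.Config{Certificates: []tls.Certificate{srvCert}})
		dial = func() (net.Conn, error) {
			return tls.Dial("tcp", backendLn.Addr().String(), &tls.Config{RootCAs: srvPool, ServerName: "backend.example.test"})
		}
	}
	done, seen := make(chan error, 1), make(chan string, 1)
	go backend(backendLn)
	go func() { done <- proxy(proxyLn, &tls.Config{Certificates: []tls.Certificate{vipCert}}, dial, seen) }()
	// The browser trusts only the VIP certificate; it never sees the backend's.
	client, err := tls.Dial("tcp", proxyLn.Addr().String(), &tls.Config{RootCAs: vipPool, ServerName: "vip.example.test"})
	if err != nil {
		return "", "", err
	}
	defer client.Close()
	io.WriteString(client, "GET /secret HTTP/1.0\n")
	reply, err := bufio.NewReader(client).ReadString('\n')
	if err == nil {
		err = <-done // the proxy's own failures, e.g. a rejected backend certificate
	}
	return strings.TrimSpace(<-seen), strings.TrimSpace(reply), err
}
```

Run(false) and Run(true) both return the request as the proxy saw it and the backend's reply as the browser received it. The browser cannot tell the two modes apart, which is the point: it only ever negotiates with, and verifies, the VIP certificate, while what happens on the server side, including whether the pool member's certificate is checked at all, is purely the proxy's configuration. Bridging costs a second handshake and a second record-layer encryption per connection; offload trades that for cleartext between the proxy and the pool member, so the network between them has to be trusted.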