Forum Discussion

Jan_Rockstedt_4
Apr 29, 2013

VS for ssl pass-thru

Hi,

I have set up a standard VS for SSL pass-thru on port 443, but I see that there is not much I can enable to get this to work. No HTTP profile, no OneConnect, no cert ...

Is there a better VS type to use instead of standard, one that is better for this kind of encrypted traffic?

Jan


4 Replies

  • What about Performance L4?

    sol12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors (Virtual servers capable of performing SSL passthrough section)

    http://support.f5.com/kb/en-us/solutions/public/12000/000/sol12015
  • If by "SSL pass-thru" you mean that you don't want to decrypt and re-encrypt, then a standard, Performance L4, or most of the other virtual server types will work. You must not apply any profiles that would try to act on unencrypted (L7) data, so no HTTP profile. You can still apply profiles that act on L4 data though, so SNAT is okay. Simply create a standard (or Perf L4) virtual server and do NOTHING but assign the destination IP and port and the pool of 443 servers; this will allow SSL pass-thru.
  • Hamish

    If you do want to do more L7 stuff, you need to create and add an SSL client profile (faces the clients) and an SSL server profile (runs between the BIG-IP and the servers). Then you have access to the unencrypted stream, which will let you add HTTP profiles, streams etc. and act on the unencrypted data.

    H
  • Thank you all.

    I will try the L4 VS. The only things we need are SNAT, VLAN and a persistence profile for the SSL pass-through, as the application needs to have a unique client cert on every client.

    Jan
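
The two virtual server styles discussed in this thread, written as tmsh commands. This is an added example, not from any of the posters or from the F5 article linked above; the object names, IP addresses and the VLAN name `external` are constructed placeholders, and the default profiles `fastL4`, `tcp`, `clientssl`, `serverssl`, `http` and `source_addr` are assumed to be present and unmodified.

```tmsh
# Pool of HTTPS servers (constructed addresses). A plain TCP monitor is used
# so the health check does not depend on the BIG-IP completing a TLS handshake.
create ltm pool pool_https members add { 10.0.0.11:443 10.0.0.12:443 } monitor tcp

# 1) SSL pass-through: Performance (Layer 4) virtual server.
#    Only L4 features are attached: fastL4 profile, SNAT automap,
#    source-address persistence and a VLAN restriction.
#    No clientssl/serverssl and no http profile, so the TLS session
#    (including any client certificate) runs end to end to the pool member.
create ltm virtual vs_ssl_passthru destination 192.0.2.10:443 ip-protocol tcp profiles add { fastL4 } pool pool_https source-address-translation { type automap } persist replace-all-with { source_addr } vlans-enabled vlans add { external }

# 2) Decrypt and re-encrypt: standard virtual server with a client SSL profile
#    (facing the clients) and a server SSL profile (facing the servers).
#    The BIG-IP sees cleartext in between, so the http profile can be applied.
create ltm virtual vs_ssl_reencrypt destination 192.0.2.11:443 ip-protocol tcp profiles add { tcp clientssl { context clientside } serverssl { context serverside } http } pool pool_https source-address-translation { type automap }

# Confirm which profiles each virtual server actually carries.
list ltm virtual vs_ssl_passthru profiles
list ltm virtual vs_ssl_reencrypt profiles
```

With the second form the client's TLS session terminates on the BIG-IP, so a client certificate is presented to the BIG-IP rather than to the pool servers; an application that must see each client's certificate itself needs the pass-through form.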