SSL transparnecy

Question

Hi All,&nbsp;
&nbsp;I was wondering if it is possible to configure Big IP in the following way?&nbsp;
&nbsp;2 or more web servers with SSL. 2 Big IP in failover, with 1 VIP for web servers. The client connects to the VIP with HTTPS which is balanced to one of the web servers. I don't want the F5 to offload the SSL, i want this to passthrough to web servers. Essentially having the Big IP only load balance.&nbsp;
&nbsp;I know it's better have the Big IP to offload the SSL, but this is what i've been asked to do...

joe_pruitt · Answer

You can absolutely have BIG-IP just do the load balancing without ssl offload.  The only issue is that you will lose any sort of content inspection (ie, the BIG-IP will not be able to see any HTTP headers/cookies/payload/etc).  So if you want to do custom persistence, routing, or redirection based the URI/hostname/cookies/form parameters/etc) you'll be out of luck.  You have to be able to decrypt the traffic to be able to look inside of it.&nbsp;
&nbsp;-Joe

ian_amos_37833 · Answer

Sorry to resurrect an old post, but how do you configure this? &nbsp;
&nbsp;I've looked at simply not assigning Client or Server SSL profiles, but that doesn't seem to have helped.. &nbsp;
&nbsp;NVM, realised my mistake.. I'd left the HTTP profile in place, and this was obviously changing something as I got 'TLS error'...

Forum Discussion

SSL transparnecy

2 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

SSL Profiles

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

SSL protocol mismatch

SSL Orchestrator Advanced Use Cases: DNS Sinkholing