SSL persistence question

Question

We have LTM 9.4.3 HF2. Trying to use LTM to load balance https requests to two websever nodes with SSL persistence in round robin fashion. There are two limitations: 
&nbsp;  
&nbsp; 1. LTM doesn't have the SSL certs. 
&nbsp; 2. Source IP address is NAT from a trusted site i.e.,  same source IP is used for all clients. 
&nbsp;  
&nbsp; Q1. Can we have SSL persistence without terminating SSL on the F5? 
&nbsp;  
&nbsp; Q2. If yes, do we still create Clientside SSL and Serverside SSL profiles with persistence settings but WITHOUT SSL certs?  
&nbsp;  
&nbsp; Q3. If SSL persistence is not reliable or cannot be used, is there a sample code that implements https session persistence using other methods such as Universal persistence? 
&nbsp;  
&nbsp; I appreciate your help. 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Ali 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;

hooleylist · Answer

Hi Ali, 
&nbsp;  
&nbsp; 1. Yes (See: https://support.f5.com/kb/en-us/solutions/public/3000/000/sol3062.html) 
&nbsp; 2. No--the certs are handled only on the client and server 
&nbsp; 3. Only if you decrypt the SSL traffic on LTM using a client SSL profile 
&nbsp;  
&nbsp; Hope this gets you started. 
&nbsp;  
&nbsp; Aaron

afara2000_1973 · Answer

Thanks Aaron. Will follow instructions to create a persistence profile of SSL type and see if both persistence and load balancing ocurrs. Thanks for your help.

Forum Discussion

SSL persistence question

2 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

SOCKS5 SSL Persistence

Persisting SSL Connections

SSL Orchestrator Advanced Use Cases: Outbound SNAT Persistence

Health monitor question

F5 Connection Mirroring question