Forum Discussion

John_Chen_43562
Oct 13, 2014

Can bigip LTM do Straight TCP SSL (not HTTPS) load balancing

Instead of HTTPS, I want to do TCP SSL load balancing on LTM. Can I do it, and how do I configure it? If yes, can I also do SSL client authentication on the TCP SSL?

 

4 Replies

  • Instead of HTTPS, I want to do TCP SSL load balancing on LTM. Can I do it, and how do I configure it?

     

    Yes, it is possible. Understand that these are all different layered OSI protocols. TCP is layer 4, SSL is layers 5/6, and HTTP is layer 7. So HTTPS is simply HTTP wrapped in the underlying SSL protocol as it makes its way up/down the stack. You can apply a client SSL profile in any situation where the wrapped application layer protocol supports it.

     

    If yes, can I also do SSL client authentication on the TCP SSL?

     

    The answer to this is dependent on what you mean by authentication. Client certificate mutual authentication? Sure. Then what do you want to do with that information? One important caveat I'd mention is persistence. SSL persistence is not always the most reliable thing, so if the underlying application protocol supports some form of persistence tracking, or you're okay with layer 4 source address affinity, then I'd use that.

     

  • I can't see why not, although I think you'll need to expand on what you mean by TCP SSL in order for me to be sure. SSL runs on top of TCP from an OSI perspective.

     

    Regardless, nothing in the SSL Profiles is specifically tied to HTTP-related operations, so termination, client authentication, etc. should work as long as you have a client that provides the necessary protocol support.

     

  • To add my 2 cents on the first part of the question: yes, you can, and I am currently doing it. Just a TCP profile with no HTTP profile. I'm doing back-to-back SSL, so I have both server and client SSL profiles. The app requires no persistence between TCP sessions, so I don't have to worry about that.
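
The setup the replies describe, written out as tmsh commands. This is an added example, not configuration posted by anyone in the thread: every object name, address and certificate file name is a constructed placeholder, and the `cert-key-chain` syntax assumes BIG-IP 11.5 or later.

```tmsh
# Added example. All names, IPs and file names below are constructed placeholders.

# Client-side SSL profile: terminates SSL from the client and requires a
# client certificate that chains to the CA bundle named in ca-file.
# peer-cert-mode: ignore = no client cert requested, request = optional,
# require = handshake fails without a valid client certificate.
create ltm profile client-ssl tcp_ssl_clientssl defaults-from clientssl cert-key-chain add { default { cert app.example.crt key app.example.key } } ca-file client_ca_bundle.crt peer-cert-mode require

# Server-side SSL profile: re-encrypts toward the pool members
# (the back-to-back SSL arrangement from the last reply).
create ltm profile server-ssl tcp_ssl_serverssl defaults-from serverssl

# Pool of backend servers that speak SSL over plain TCP.
create ltm pool tcp_ssl_pool members add { 198.51.100.11:8443 198.51.100.12:8443 } monitor tcp

# Virtual server with a TCP profile and both SSL profiles, and no HTTP profile,
# so the decrypted payload is passed through as an opaque byte stream.
# Persistence is layer 4 source address affinity rather than SSL persistence.
create ltm virtual tcp_ssl_vs destination 192.0.2.10:8443 ip-protocol tcp profiles add { tcp { } tcp_ssl_clientssl { context clientside } tcp_ssl_serverssl { context serverside } } pool tcp_ssl_pool persist replace-all-with { source_addr }

# Check which profiles ended up attached, and that no http profile is listed.
list ltm virtual tcp_ssl_vs profiles
```

If the application needs no persistence between TCP sessions, as in the last reply, drop the `persist` clause.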