NimbostratusF5 Local traffic policy / wrong requirement!
Hi,
I worked on a customer deployment where we wanted to create a virtual server to dispatch HTTPS requests to internal virtual servers based on Host header.
In version 13.0, there is a condition
ssl-extension server-nameSo I tried to create a ltm policy with rules like:
- condition : Server name equals "mysite1.company.com"
- action : forward virtual server VS-mysite1.company.com
And tried to assign it to the VS with only ClientSSL profile. I can't because of policy requirements... When I looked in policy configuration in tmsh, the policy requires
http ssl-persistenceIn versions 11.X, this configuration was manual but starting with version 12, this is created automatically when selecting rule conditions and actions. I didn't checked if the requirements selected is also wrong in v12.
I so tried to create a policy and looked the generated configuration in TMSH
policy without rule
ltm policy Drafts/bug_policy_requires {
last-modified 2017-08-28:18:36:02
status draft
strategy first-match
}
Policy with one rule assigning pool without condition
ltm policy Drafts/bug_policy_requires {
controls { forwarding }
last-modified 2017-08-28:18:37:17
requires { http }
rules {
rule_no_condition {
actions {
0 {
forward
select
pool Pool_icap
}
}
}
}
status draft
strategy first-match
}
what configuration in this rule requires
httpPolicy with one rule assigning pool and with SNI condition
ltm policy Drafts/bug_policy_requires {
controls { forwarding }
last-modified 2017-08-28:18:38:20
requires { http ssl-persistence }
rules {
rule_condition_sni {
actions {
0 {
forward
select
pool pool_ad_http
}
}
conditions {
0 {
ssl-extension
ssl-client-hello
server-name
values { test.company.com }
}
}
ordinal 1
}
rule_no_condition {
actions {
0 {
forward
select
pool Pool_icap
}
}
}
}
status draft
strategy first-match
}
Why
ssl-persistenceclient-ssl
