
F5_LB_Eng
Oct 24, 2013

Customer wants to enable TLS in SMTP

Hi All,

 

Can anyone help me with how to enable TLS?

 

I have the below requirement.

 

2 pool members having port 25, 1 VIP address having port 25.

 

The customer wants to enable the TLS feature.

 

Regards, Prasanna AR

 

8 Replies

  • What type of Virtual Server are you using? Will the TLS be terminated on the real servers or do you want to terminate on the F5?

     

  • It's a normal virtual config.

     

    virtual netmail.usa.com_25 '{ snat automap pool netmail.usa.com_25 destination 110.90.3.19:25 ip protocol tcp persist source_addr }'

     

    Yes, I want to terminate on the F5.

     

  • Based on our testing it appears that with the iRule we can successfully establish a secure TLS session between the Internet (MS Office 365 cloud) and the DMZ load balancer. However, the client needs the TLS session to extend all the way to the Exchange servers. The LB can be configured to subsequently request/establish a TLS session to the pool members as well. We need to provide a response to the client fairly quickly.

     

  • Well, that's much easier. Just use a Performance L4 VS, no ClientSSL profile. Just find out what port the TLS will run on, most likely 465.

     

  • They are using port 25 for SMTP....

     

    Could you please give some more details? We need to use Fast L4, and how do we enable the TLS? If we use Fast L4 we need to remove the iRule, right? Then how will TLS work?

     

  • The exchange servers (as per the requirement) will handle the TLS, you'll just be load balancing at layer four to those servers.

     

    So, just remove the iRule and the ClientSSL profile, apply the default FastL4 profile and off you go. If you want to tweak the FastL4 profile, feel free but the default should be fine.

     

    Hopefully I'm being clear but if not, post back.
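
A way to check the layer-four pass-through setup described in the last reply, added here as an example and not part of the thread: the script connects to the VIP on port 25, confirms STARTTLS is advertised, upgrades the session and reports the TLS version, cipher and certificate names. With no ClientSSL profile on the virtual server the certificate comes from the pool member, so it has to be valid for the name clients connect to. The host name passed on the command line and the sample EHLO reply are assumptions.

```python
import smtplib
import ssl
import sys

def parse_ehlo(reply: bytes) -> dict:
    """Map EHLO keywords to their parameters.

    `reply` is the message smtplib returns from ehlo(): the reply lines joined
    by newlines, with the "250-" prefixes already stripped.
    """
    exts = {}
    for line in reply.decode("ascii", "replace").split("\n")[1:]:  # line 0 is the greeting
        parts = line.split()
        if parts:
            exts[parts[0].upper()] = parts[1:]
    return exts

def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect to the VIP, upgrade with STARTTLS and report the negotiated session."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _, reply = smtp.ehlo()
        before = parse_ehlo(reply)
        if "STARTTLS" not in before:
            # Nothing on the path offers TLS: mail would be sent in clear text.
            return {"starttls": False, "extensions": sorted(before)}
        # The default context verifies the chain and the host name; a mismatch
        # raises ssl.SSLCertVerificationError, which is itself a finding.
        smtp.starttls(context=ssl.create_default_context())
        _, reply = smtp.ehlo()  # RFC 3207: EHLO must be sent again after the upgrade
        cert = smtp.sock.getpeercert()
        return {
            "starttls": True,
            "tls_version": smtp.sock.version(),
            "cipher": smtp.sock.cipher()[0],
            "cert_dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
            "extensions_after_tls": sorted(parse_ehlo(reply)),
        }

# Constructed sample reply (not captured from a real server).
SAMPLE = b"mail.example.test Hello [192.0.2.10]\nSIZE 37748736\nSTARTTLS\n8BITMIME"

if __name__ == "__main__":
    print(parse_ehlo(SAMPLE))
    if len(sys.argv) > 1:  # hypothetical usage: python check_starttls.py <vip-hostname>
        print(probe(sys.argv[1]))
```

Running it several times shows whether every pool member behind the VIP offers STARTTLS and presents a matching certificate, since source-address persistence aside, connections can land on different servers.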