NimbostratusWe are terminating SSL right on the server (node) which is listening on TCP 9443. Our VS is listening on 443, HTTP profile is set to none and port translation is enable. In this scenario we are not able to display the page. When we change VS to listen on 9443 we have no issues. Any idea why?
AltostratusJust set the 9443 port in node configuration and keep your VS on 443.
CumulonimbusHi,
use a capture tool to check if there is a http redirect to the 9443 port.
NimbostratusNo, it doesn't works. When I set VS to listen on all ports I'm getting a security warning (old cert on the server) but I have to click twice on 'continue' to see the page.
CumulonimbusNimbostratusI answered on Renato segustion. Soon server admin will insatall a valid certificate and than I will try again.
Cumulonimbusif you configure SSL terminaison on F5, there is no need to install a valid certificate on server.
you must create:
after that, try to connect with firefox and firebug enabled and check if server reply with port 9443 in redirect of html links.
NimbostratusI know that this scenario will works, we have many SSL termination on F5. Request from the client is not to install on F5, only on the servers. That kaind scenario also works as long we don't do any port translation. Unfortunately server can't listen on 443, only on 9443.
Cumulonimbus
NimbostratusNimbostratusTCP port translation is not working, I don't see session to server on any port. Under pool I'm allowing SNAT. Nodes are set to TCP 9443 VS setting: Type: standard Service port: 443 protocal profile: tcp other protocols are set to none Address and port translation: enable
I tried type performance layer 4, did not work
NimbostratusNimbostratusI don't have design problem, just protocol translation in this specific setting is not working. SNAT is enabled, I have many VS configured with out any problems. If VS and nodes are listen on the sam TCP port everything works. If I VS is listen on a different port than nodes, transaction is failing.
Nimbostratus