Raja_M
May 24, 2018 | Nimbostratus
SSL Offloading on F5 LTM
We have 2 VIPs: 1. The VIP is on port 5555 and the pool members are also on the service port. 2. The VIP is on port 5443 and the pool members are on 5555.
They want to do SSL offload on the VIP. Will it work?
I personally don't see why not, as I have a lot of customers using non-standard ports for their web applications. I am curious as to why you wouldn't want to define a standard port on the virtual server, as either users will need to manually define :5555 or you will need to create an iRule to redirect all requests to port 5555. As for the server side, the BIG-IP will perform any translation required to the service port of the pool members. At this point the BIG-IP is the client, using ephemeral ports to connect to a static port on your web server. As long as the web server itself is listening on 5555, you should be fine. What are some of your concerns?
My concern is: if we add an SSL certificate on the non-standard port VIP 5555, will SSL offloading work or not?
Yes, this will work. The virtual server will listen on the non-standard port with a client SSL profile assigned. If you want to do true offloading with just HTTP to the web server, then do NOT assign a server SSL profile. If you want to do bridging, then simply assign a server SSL profile to the virtual server.
Thank you so much
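
An added example, not part of the original thread and not F5 tooling: a small Python audit that reads a bigip.conf-style excerpt and reports, per virtual server, whether it is set up for offload (client SSL profile only, cleartext to the pool) or bridging (client and server SSL profiles), as the answer above describes. The configuration text, object names and addresses are constructed, and the stanza layout is assumed to follow the usual `ltm profile` / `ltm virtual` form.

```python
import re
# Constructed bigip.conf excerpt; object names and addresses are illustrative.
SAMPLE_CONF = """\
ltm profile client-ssl /Common/clientssl_app {
}
ltm profile server-ssl /Common/serverssl_app {
}
ltm virtual /Common/vs_app_5555 {
    destination /Common/192.0.2.10:5555
    pool /Common/pool_app_5555
    profiles {
        /Common/clientssl_app { context clientside }
    }
}
ltm virtual /Common/vs_app_5443 {
    destination /Common/192.0.2.10:5443
    pool /Common/pool_app_5555
    profiles {
        /Common/clientssl_app { context clientside }
        /Common/serverssl_app { context serverside }
    }
}
"""
MODES = {(True, False): "offload", (True, True): "bridging",
         (False, True): "server-side TLS only", (False, False): "no TLS termination"}

def stanzas(conf):
    """Yield (header_tokens, body) for each top-level stanza, tracked by brace depth."""
    depth, header, body = 0, None, []
    for line in conf.splitlines():
        if depth == 0 and line.rstrip().endswith("{"):
            header, body = line.rstrip(" {").split(), []
        elif depth > 0:
            body.append(line)
        depth += line.count("{") - line.count("}")
        if depth == 0 and header:
            yield header, "\n".join(body)
            header = None

def classify(conf):
    """Return {virtual_name: mode} from the SSL profile types attached to each virtual."""
    blocks = list(stanzas(conf))
    kinds = {h[3]: h[2] for h, _ in blocks if len(h) == 4 and h[:2] == ["ltm", "profile"]}
    result = {}
    for h, body in blocks:
        if h[:2] == ["ltm", "virtual"]:
            types = {kinds.get(p) for p in re.findall(r"^\s*(\S+)\s*\{", body, re.M)}
            result[h[2]] = MODES["client-ssl" in types, "server-ssl" in types]
    return result
```

A virtual reported as "offload" sends unencrypted traffic to its pool members, so that leg needs to sit on a network segment you trust.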