Best practices using front-VS and back-VS solutions

Question

Hi, tries to find some best practices how to use a front-end VS (LTM) and back-end VS (LTM+APM) on same BigIP. The front VS represent the host and the path different applications. In my configuration the front VS calling the back VS using irule command "virtual vs-name". The front-end VS also have pool select for applications that does not need to be handled by APM (back-end VS). The front-end VS has both client SSL-profile and server SSL-profile enabled. The back-end VS has only server SSL-profile. I use "SSL::disable" and "SSL::enable" depending on what kind of pools that will be selected. For all applications that need to go through an APM Policy the front-end VS send this to the back-end VS. I do not use OneConnect profile.&nbsp;
The front-end VS has public IP addresses but the back-end VS has private addresses that is not a part of a Self-IP.&nbsp;
The solution is working fine but I am looking for improvements or to hear other experiences. &nbsp;
Regards
Erik&nbsp;

kevin_stewart · Answer

This is a reasonable solution, and I believe you can also do this in a CPM policy.&nbsp;

Forum Discussion

Best practices using front-VS and back-VS solutions

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Security Best Practices for F5 Products

Modern Applications-Demystifying Ingress solutions flavors

Cipher Suite Practices and Pitfalls

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS