Forum Discussion
Big-IP and reserved SSL port numbers
Hello,
We have Big-IP and an application that currently uses a reserved port (for example 4799) for Client-server communication.
What options do we have from a Big-IP perspective.
Is Big-IP "pass through" the only option or is there any suggestions or previous documents / discussion that I could research?
Could I get BIG-IP to decrypt/encrypt the communication between the client and F5 and forward the communication on to the server using a different port number (ie, 799) in decrypted form?
The steps that I think need to happen are as follows :-
1) Import the SSL Certificate and Key & Configure the SSL Profile
2) Create / Configure the Server Pool with an address / service port / Round Robin
3) Create a virtual server with a service port and add the SSL Profile with destination address and service port
I am new to Big-IP and I have a lot to learn :-)
Thanks in advance for anyone giving me a direction to look at !
Hi,
Configuring SSL Offloading, SSL Bridging or SSL Pass-through depends on your requirement and type of design. To know more about these modes, you can check below article.
https://support.f5.com/csp/article/K65271370
Now coming to your question. Lets say, you want your application on secured port 443 from Internet and you have your application running on port 799 with no encryption.
In this case, you will need only client SSL profile to be mapped on the virtual server i.e. SSL Offloading. In this case, client request to F5 comes as encrypted. Then F5 decrypts that traffic and send plain traffic to backend pool member.
In any case, if you want to have encrypted traffic on both client-to-F5 as well as F5-Backend_Server, in this case, you would need to have client ssl as well as server ssl profile on the virtual server.
You need to have proper certificates and key configured under SSL profiles.
Hope it helps!
Mayur
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com