Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

phillip-Newbie's avatar
phillip-Newbie
Icon for Nimbostratus rankNimbostratus
May 13, 2021

Big-IP and reserved SSL port numbers

Hello, We have Big-IP and an application that currently uses a reserved port (for example 4799) for Client-server communication. What options do we have from a Big-IP perspective. Is Big-IP "pa...
big-ip
security
Mayur_Sutare's avatar
Mayur_Sutare
Icon for MVP rankMVP
May 17, 2021

Hi,

Configuring SSL Offloading, SSL Bridging or SSL Pass-through depends on your requirement and type of design. To know more about these modes, you can check below article.

 

https://support.f5.com/csp/article/K65271370

 

Now coming to your question. Lets say, you want your application on secured port 443 from Internet and you have your application running on port 799 with no encryption.

 

In this case, you will need only client SSL profile to be mapped on the virtual server i.e. SSL Offloading. In this case, client request to F5 comes as encrypted. Then F5 decrypts that traffic and send plain traffic to backend pool member.

 

In any case, if you want to have encrypted traffic on both client-to-F5 as well as F5-Backend_Server, in this case, you would need to have client ssl as well as server ssl profile on the virtual server.

 

You need to have proper certificates and key configured under SSL profiles.

 

Hope it helps!

Mayur