Forum Discussion

InquisitiveMai's avatar
InquisitiveMai
Icon for Cirrostratus rankCirrostratus
Dec 06, 2023

Can a pool member initiate a Secure session through F5

Is it possible for two seperate F5s  to communicate and do SSL offloading. The pool member of one F5 ex F5A would initiate the session through F5A . F5A would talk to F5B, F5B would talk to the B pool members.  F5A to F5B communication needs to be secure.  I see something about IP Forwarding VS but I do not see a SSL profile

 

  • InquisitiveMai Would you be able to provide a connectivity flow diagram as well as an example of what type of communication is occurring? I'm just not seeing why F5A would even need to be involved in the communication flow other than to forward traffic onto F5B like it does any other communication. Typically on F5A you have a forwarding VS that will route any traffic other than all the other VS to the destination. So clientA which is a node behind F5A would initiate an SSL connection to a VS on F5B which is encrypted after the SSL handshake and then F5B will balance that communication to pool members in the pool that is associated to the VS on F5B which would be an encrypted connection from end to end without involving F5A other than forward traffic like it would for any other routed traffic passing through it.

  • 1. create https virtual server in F5_B (assign client ssl profile)
    2. assign ssl server profile to virtual server of F5_A