Forum Discussion

MAbbas
Sep 25, 2021

client and server side clone pool - https vip

Hi all,

I want to send all request and response traffic for an HTTPS VIP to a clone pool.

Do I need to have 2 VIPs: one VIP with only client SSL, which sends client-side decrypted traffic to the clone pool,

and a second with server-side SSL that sends server-side traffic to the clone pool?

Any help or suggestion will be appreciated.

Thanks

  • Hi. Please help me to understand your requirement properly.

    Do you mean that, for some of the traffic on the VIP listening on 443, you want plain traffic on the server-side connection, and for the rest of the traffic on the same destination IP/VIP, the server-side connection should be encrypted? Kindly confirm whether my understanding is correct.

    NOTE - If your destination VIP IP and port are the same, you can create a single VIP only. You won't be able to create another VIP with the same IP and port. So if your use case is the one I described in the first question, then you can achieve it using a single VIP only. The requirement can be fulfilled by having traffic-matching conditions using an LTM policy or iRule.

    • MAbbas

      This is the question:

      If I have client-side SSL and server-side SSL on a VIP, I get encrypted traffic and send encrypted traffic to the pool.

      If I want to use a clone pool for auditing,

      will the traffic sent to the client clone pool and server clone pool be encrypted or non-encrypted?

  • If there is a server SSL profile (server-side SSL) configured on a VIP, it will always have a secure or encrypted connection between F5 and the backend server for all the pools behind it. If you want to bypass server SSL (server-side SSL) for any specific pool, then you can do it using an LTM policy or iRule.