For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jad_Tabbara__J1's avatar
Jad_Tabbara__J1
Icon for Cirrostratus rankCirrostratus
May 16, 2019
Solved

Does F5 encrypts traffic internally from a VS to another VS ?

Dear community,    Context VS_Parent with clientssl + serverssl profiles and an iRule (that is responsible for routing the traffic to the child VSs based on the FQDN for example)  VS_Child1  has ...
application delivery
BIG-IP
LTM
  • youssef1's avatar
    youssef1
    May 21, 2019

    Hi Jad,

     

    I had already asked myself the question.

     

    So Yes, F5 encrypts traffic routed from a VS_Parent to a VS_Child.

     

    I validate my supposition by removing SSL Client in VS_Child  and noticed that access to my service was not functional.

     

    Additional you can use my Debug irule (hosted in devcentral) that allow you to see that Cipher/protocol used in both VS (Child an parent).

     

    I advise you to process a ssldum using this kb:

     

    https://support.f5.com/csp/article/K10209

     

    So in child vs, initiate a basic capture:

     

    tcpdump -vvv -s 0 -nni external -w /var/tmp/www-ssl-client.cap host 10.1.1.100 and port 443

     

    then check ssl exchange:

     

    ssldump -nr /var/tmp/www-ssl-client.cap

     

    keep me in touch.

     

    regards,

youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
May 21, 2019

Hello Jad,

 

Glad to have been able to bring you my help my dear.

 

Regards