F5 certificate not working for all ports.

Please put here the output of

tmsh list /ltm virtual 

Hi Faruk, Please see below(for sake of sensitive information I have change some names)

[root@ltm-dmz-slo-01:Active:In Sync] config tmsh list /ltm virtual noname.com ltm virtual noname.com { address-status no description "for SSL" destination 1.2.3.10:any ip-protocol tcp mask 255.255.255.255 profiles { noname.com { context clientside } http { } tcp { } } rules { non_https } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port disabled vlans { SRV_SIDE VIP_SIDE } vlans-enabled vs-index 14 } [root@ltm-dmz-slo-01:Active:In Sync] config

non_https iRule?

Ignore the iRule name.. :-)

Hi N.,

You have the setting "translate-port disabled" this mean that the F5 will not translate the destination port.

• If clients are connecting to 443 it will open connection on pool_member:443
• If clients are connecting to 8080 it will open connection on pool_member:8080

When the "translate-port enabled" it will translate the port like the following :

• If clients are connecting to 443 and you pool_member are listening on 80, F5 will translate the destination port, from 443 to 80. So it will open a connection on pool_member:80

So are you sure that is your need ?

Could you share the irule please ?

Hi JTI, We need the translate port disabled....since the incoming requests should get redirected to the same port on the node. The iRule works in such a way that the node selection is automatic:

when HTTP_REQUEST { if { [HTTP::host] contains "noname.com" } { set ips [lindex [RESOLV::lookup -a "[getfield [HTTP::host] "." 1].internal.com"] 0] log local0.debug "Debug: Resolved(HTTP) address for \"[getfield [HTTP::host] "." 1].internal.com\" = \"$ips\"" if { $ips ne "" } then { node $ips [TCP::local_port] } } }

so the requests would come in as https://hostname.noname.com:4545 or anything else.

I meant also the content of the irule, not the name of it.

ok, posted it above already.