Forum Discussion
F5 SSL Pass-through with Xforward.
I have an LTM which load balances the traffic to two WAF clusters; these clusters are located in different locations within the same environment (kind of an HA setup within the same site). We rely on the LTM to do the load balancing, noting that these WAF clusters are separated by L3 firewalls, so I can't extend the IP addressing scheme to both of them.
Please find the reasons why I want to use SSL passthrough:
- The client wants to maintain the SSL decryption in the WAF devices for security reasons; the LTM devices are not part of their secure environment.
- We are having some issues with the CN of the certificate when it is installed in these different WAF devices, because it is tied to an IP address (it is an internal service); this is where SSL bridging is failing.
- Finally, the client can't make routing changes and he needs to see the client IP address; this is why I need to insert the X-Forwarded-For header, because installing the LTM in routed mode is not an option.
This is a bit of a complex implementation; for this reason the only solution for me was to do SSL passthrough.
I am still confused about one point: is SSL passthrough still performing any kind of SSL decryption when it is on the way between the SSL client and the SSL server?
I mean, does the BIG-IP system decrypt, optimize, and re-encrypt the SSL traffic with SSL passthrough or not? Because I think it is impossible to insert the X-Forwarded-For header without doing this.
Thanks again for your help.
Correct, the LTM has to decrypt the traffic to insert the x-forwarded-for header. There is no way around that.
If you have a requirement that the LTM does not decrypt the traffic, it will be impossible to insert an x-forwarded-for header. These two client requirements are mutually exclusive.
"Proxy SSL Passthrough" is not the same thing as simple "SSL Passthrough." Proxy SSL Passthrough does decrypt the traffic as long as a compatible cipher suite is negotiated between client and server, and falls back to SSL Passthrough when DH/DHE ciphers are negotiated.
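To make the point of the answer above concrete, here is a small added example (not code from the thread, F5, or the BIG-IP product) that models the two proxy modes. In pure SSL passthrough the load balancer forwards TLS records byte-for-byte; the HTTP request lives inside the encrypted record payload, so there is no place to write an X-Forwarded-For header. Only a terminating (SSL bridging) proxy sees the plaintext request head and can insert the header. The TLS record bytes and HTTP requests are constructed for the demo; the function names are this example's own.

```python
"""Added example: why X-Forwarded-For insertion requires TLS termination.

A passthrough proxy sees only TLS record headers and ciphertext; a
terminating proxy sees the plaintext HTTP request and can add headers.
All sample bytes below are constructed for illustration.
"""

# TLS record content types (RFC 5246 / RFC 8446); the record header is the
# only structure a passthrough device can read without the session keys.
TLS_CONTENT_TYPES = {
    0x14: "change_cipher_spec",
    0x15: "alert",
    0x16: "handshake",
    0x17: "application_data",
}


def tls_record_type(data: bytes):
    """Return the content type name if `data` starts with a plausible TLS
    record header (type byte, version 3.x, 2-byte length), else None."""
    if len(data) < 5 or data[0] not in TLS_CONTENT_TYPES or data[1] != 0x03:
        return None
    return TLS_CONTENT_TYPES[data[0]]


def passthrough(data: bytes, client_ip: str) -> bytes:
    """SSL passthrough: forward the encrypted stream unchanged.

    The proxy knows the client IP from the TCP connection, but the HTTP
    headers are inside the encrypted payload, so it cannot insert anything.
    """
    assert tls_record_type(data) is not None, "expected a TLS record"
    return data  # no decryption, no header insertion possible


def insert_xff(request: bytes, client_ip: str) -> bytes:
    """Terminating proxy: insert or extend X-Forwarded-For in a plaintext
    HTTP/1.1 request head. Any existing header value is kept and the new
    client IP appended, so an upstream proxy chain is preserved."""
    head, sep, body = request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP request head")
    lines = head.split(b"\r\n")
    request_line, headers = lines[0], lines[1:]
    out, found = [], False
    for h in headers:
        name, _, value = h.partition(b":")
        if name.strip().lower() == b"x-forwarded-for":
            value = value.strip() + b", " + client_ip.encode()
            h = b"X-Forwarded-For: " + value
            found = True
        out.append(h)
    if not found:
        out.append(b"X-Forwarded-For: " + client_ip.encode())
    return b"\r\n".join([request_line, *out]) + sep + body


def can_insert_xff(data: bytes) -> bool:
    """True only when the proxy holds plaintext HTTP, i.e. after termination."""
    return tls_record_type(data) is None


if __name__ == "__main__":
    client = "10.1.1.5"
    # Constructed TLS application_data record: header + opaque ciphertext.
    encrypted = b"\x17\x03\x03\x00\x10" + bytes(16)
    print("passthrough sees:", tls_record_type(encrypted),
          "- can insert XFF:", can_insert_xff(encrypted))
    print(passthrough(encrypted, client) == encrypted)
    # Constructed plaintext request as a terminating proxy would see it.
    plain = b"GET /app HTTP/1.1\r\nHost: waf.internal\r\n\r\n"
    print("terminated - can insert XFF:", can_insert_xff(plain))
    print(insert_xff(plain, client).decode())
```

Run it directly to see both paths. The point the answer makes follows from the structure of the data: the client IP is available to the LTM in either mode, but in passthrough mode the only bytes it can read are the record header and ciphertext, and altering ciphertext would simply break the TLS session at the WAF.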
- Muhannad, Mar 09, 2020 (Cirrus)
I think this is very clear for me now.
I will let the client take the decision, thanks Steve for the help.