May 22, 2019

Fast L4 profile with xff LTM



I have a layer 4 VS on F5. I have set the FastL4 profile and HTTP profile as below:


ltm profile http HTTP_XforF {
 accept-xff disabled
 app-service none
 defaults-from http
 encrypt-cookies none
 enforcement {
  max-header-count 64
  max-header-size 32768
  max-requests 0
  pipeline allow
  unknown-method allow
 }
 fallback-host none
 fallback-status-codes none
 header-erase none
 header-insert none
 insert-xforwarded-for enabled
 lws-separator none
 lws-width 80
 oneconnect-transformations enabled
 proxy-type reverse
 redirect-rewrite all
 request-chunking preserve
 response-chunking selective
 response-headers-permitted none
 via-request preserve
 via-response preserve
 xff-alternative-names none
}

Additionally, I have 2 iRules connected:

HTTP::header insert x-forwarded-host [HTTP::host]

HTTP::header insert x-forwarded-proto "https"

VS listens on port 443. The certificate is on the server for F5. When you try to call a host, the site is unreachable; only after a few re-invitations does the site enrol the certificate, and everything starts working.

When I omit F5 in communication, everything works without a problem. F5 is transparent in this case and should not cause a problem. What could be the cause of the problem?

