For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marco_Castro_11's avatar
Marco_Castro_11
Icon for Nimbostratus rankNimbostratus
Apr 11, 2014

Firepass with LTM without SSL offload

Hi, I would like to configure an HTTPS Virtual Server on BIG-IP LTM (11.4.1HF2) for firepass but without SSL offloading. I have to configure ssl server profile with serverssl-insecure-compatible to ...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 22, 2014

You cannot see the host name or URI without terminating the SSL. Well, technically you could see the host name in the Server Name Indicator of the CLIENTHELLO message if the client was TLS-capable, but that's probably not an answer here. You may simply need to terminate the SSL, inspect the URI, and then redirect to the other device using a different name. Or, you could put an LTM virtual server in front of both APM and FirePass, terminate the SSL there, and then forward the traffic to the external Firepass box, or internal layered APM VIP.