For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marco_Castro_11's avatar
Marco_Castro_11
Icon for Nimbostratus rankNimbostratus
Apr 11, 2014

Firepass with LTM without SSL offload

Hi, I would like to configure an HTTPS Virtual Server on BIG-IP LTM (11.4.1HF2) for firepass but without SSL offloading. I have to configure ssl server profile with serverssl-insecure-compatible to ...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 22, 2014

It's actually not as simple as that. Both APM and Firepass transition through a set of URIs during policy evaluation. It's been a while since I've touched a Firepass, but I believe the URI structure is similar between them. It's not impossible, and I've done similar things on other projects, but it's certainly more than just a check for "/uri". That leaves basically two options:

 

  1. Attempt to switch between load balanced Firepass and layered APM VIP using URI and cookie evaluation. If you have a capture of a Firepass session, that would be most helpful, as I don't particularly remember what that looks like.

     

  2. Put Firepass and APM on two different URLs with individual certificates and find another way to switch between them. This, ironically, will most likely be the easier of the two options.