Forum Discussion
Cirrusforward traffic based on name
MVPMustphaBassim I am unaware of a way to force an LTM to listen on FQDN rather than IPv4/IPv6 addresses. What is your use case to have the LTM listen on FQDN rather than a specific IP so we might assist you with an appropriate solution?
CirrusHello Dear
i have one public IP and more than domain need to be published as https service so in this case it is need to move traffic to pool based on URL
- Paulius
MustphaBassim If your end users use SNI you can configure SNI on one virtual server (VS) with multiple Client SSL Profiles and then all sites can use the one VS. You can attach an iRule to the VS and send different host fields to different pools. Alternatively you can purchase one SSL certificate that matches the different FQDNs and put that one Client SSL profile on the VS and use the iRule to split the traffic between the different pools. The only other alternative would be to configure a PAT on your perimeter device that listens for 443 and NATs that the F5 VS IP on port 443 and then the other one can have 8443, example "https://example.com:8443/" which then hits the perimeter device and does a PAT for 8443 to the other F5 VS IP on 443. The best option for all users to be supported would be the one SSL certificate that covers all FQDNs, second would be SNI, and the last one would be the PAT because that would require the end user to know to put the alternate port in the URL.
