For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Justin_Adrian_3's avatar
Justin_Adrian_3
Icon for Nimbostratus rankNimbostratus
Dec 16, 2009

GTM and SSL VPN

This could almost be considered a pre-sales question but I wanted to reach out to the community here.     I was wondering if anyone had exposure using a GTM to load balance geographical dis...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 16, 2009
Hi Justin,

 

 

That's a novel approach. I think you'd actually want to track open sessions--not connections. A single user could easily have many TCP connections open to an SSL VPN.

 

 

I haven't tried this before, but I wonder if you could use an SNMP-based external GTM monitor to weight the two pool members based on an SNMP query for the number of active user sessions each VPN server holds. Does the Juniper SA provide session counts via SNMP? The default SNMP monitor would just mark the pool member down if it doesn't respond to the SNMP request. You'd need to use a custom script to poll the members for active sessions and then adjust the member priority using bigpipe, tmsh or iControl.

 

 

Aaron