For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Jun 26, 2017

Hi. I'm reviving this thread hoping to find a definitive answer to the same problem. Is this configuration supported without an iRule? Here is the setup:

 

  • 1 VS => Https pool => 2 servers port 443
  • I created a base default sni profile defaultsniclient and a base default sni server profile defaultsniserver
  • I created two clients profiles based on the client sni profile with the right certs.
  • I created two server profiles based on the server sni profile with the right certs.

profile 1 has sni entry app1.domain.com profile 1 has sni entry app2.domain.com

 

default sni profile has just defaultsni.domain.com

 

sni entries are set on both client and server profiles

 

now when I add the three client profiles (default sni + the other two for app1.domain.com and app2.domain.com) and the three server profiles I cannot connect to the two websites.

 

If I tests the two profiles separately they work fine.

 

Insight is welcome ! thanks.

 

  • JoeTheFifth's avatar
    JoeTheFifth
    Icon for Altostratus rankAltostratus
    Jun 26, 2017

    I'm testing this on 11.5.4.2.0.291

     

  • JoeTheFifth's avatar
    JoeTheFifth
    Icon for Altostratus rankAltostratus
    Jun 26, 2017

    Thanks for the link. Two questions: does this mean that my setup (multiple sni profiles) won't work? i will post the second question on the other thread :-)

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jun 26, 2017

    Hi,

     

    Yes, you don't have to configure multiple serverssl profiles but only one with the irule of the provided link.