Forum Discussion

Nfordhk_66801's avatar
Nfordhk_66801
Icon for Nimbostratus rankNimbostratus
Jun 18, 2014

HTTP Profile breaks HTTPS Connections

Hi,   We want to setup SSL forwarding for our HTTPS virtual server. If I set a no HTTP profile and setup a bypass by selecting none for both client and server SSL the site works properly.   If ...
application delivery
design
http profile
LTM
security
ssl
  • Vincent_96223's avatar
    Vincent_96223
    Jun 18, 2014

    If you are wanting F5 to do a passthru, where your actual servers will be doing the encryption and decryption, select Type = Performance (Layer 4) on your VIP. Now, if you want F5 to do the SSL handshake for you, you will have to create a client side SSL profile on F5, and import your certificate and key onto F5. F5 will represent your server for the SSL session, and you have the option of setting up your backend to either talk HTTP or HTTPS.

     

shaggy's avatar
shaggy
Icon for Nimbostratus rankNimbostratus
Jun 18, 2014

Yes - you'll want a standard VS, client-SSL profile with app cert/key, server-SSL profile (if backend is also SSL - none if backend is HTTP), HTTP profile, and a cookie persistence profile.

 

Think of profiles as the F5 interacting with traffic at that 'level' - in order to do cookie persistence, the F5 needs to interact with HTTP (http-profile), in order to interact via HTTP, the F5 needs to decrypt the traffic (client-ssl) profile