Forum Discussion

Altostratus

Mar 19, 2015

HTTPS Traffic Issue

Hi Everybody, I require your attention. Please help me. There is a request for the F5 LTM from the users. ++++++++++++++++++++++++++++++++++++++++++++++++++ 1) DNS name and VIP fo...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Employee

Mar 22, 2015

Default persistence profile - dest_addr ( sticky )

i do not think you should use destination address persistence. since you do ssl offloading, cookie persistence may be a better choice.

1) Please let me know if I need any iRule here. I don't think I need any.

what http host header do servers expect to receive? is it virtual server fqdn (sailpointtest.group.upm.com) or server fqdn (SRV1731:8080, SRV1732:8080)?

and is uri (/Identityiq) supplied by user? or does it have to be added by bigip when sending request to server?

2) Am I required to use Client SSL Profile in order to decrypt the HTTPS traffic on F5 ?

if server is running https, you do not need clientssl profile on bigip. ssl will be passed through to server.

What would happen if we don't have iRule applied on the VS and we are not using Client SSL Profile ? - Is it that traffic will be forwarded by F5 as such (https) to the Actual server after the load balancing decision has been made by LTM and the actual server need to have Certificate/Key to decrypt it ?

yes

3) Are we required to give the clients any Certificate/Key for this to work ? I guess not.

no (you are correct)

While I am entering the URL https://sailpointtest.group.upm.com in the browser, it is circling indefinitely without giving any page or error.

try virtual server ip as Samir suggested and tcpdump/ssldump may be helpful.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)