Forum Discussion
CirrusHTTPS Traffic
-
Is it possible if i make a VS of HTTPS traffic and F5 only pass the HTTPS traffic and SSL offloads on server not on F5.
-
If yes would be the disadvantage of it?
-
What would be the advantage if i offload SSL traffic on F5?
4 Replies
RyannnnnnnnnAltocumulus
-
Yes, you are able to create a VS listening on port 443 and terminate SSL on the pool member rather than the LTM.
-
Disadvantages of not performing SSL offload could be no visibility into the encrypted packets, therefore you can't use any cool layer 7 stuff like cookie persistence and layer 7 iRules.
-
Advantages of offloading, as mentioned above. Plus SSL on the LTM is performed in hardware as opposed to software, which improves speed and takes un-needed load off a busy pool member/s
Muhammad_Irfan1Great answer sir. 1. Only cookie persistence can not performed or all persistences can not be performed? 2. Which traffic is classified as SSL in F5 (i) Which pass through F5 or (ii) Which offloads on F5 through certificate.
-
Ryan_80361Cirrostratus
-
Yes, you are able to create a VS listening on port 443 and terminate SSL on the pool member rather than the LTM.
-
Disadvantages of not performing SSL offload could be no visibility into the encrypted packets, therefore you can't use any cool layer 7 stuff like cookie persistence and layer 7 iRules.
-
Advantages of offloading, as mentioned above. Plus SSL on the LTM is performed in hardware as opposed to software, which improves speed and takes un-needed load off a busy pool member/s
- Muhammad_Irfan1Great answer sir. 1. Only cookie persistence can not performed or all persistences can not be performed? 2. Which traffic is classified as SSL in F5 (i) Which pass through F5 or (ii) Which offloads on F5 through certificate.
-
