Forum Discussion

Ireda's avatar
Ireda
Icon for Cirrostratus rankCirrostratus
Apr 09, 2023

HTTPS virtual server with custom TCP port

Hi, How to configure an HTTPS virtual server with a custom TCP port Example: https://XZY.org:8080 Do we need to change the F5 listening port from 443 to 8080 only or do we need other steps? Would t...
security
Ireda's avatar
Ireda
Icon for Cirrostratus rankCirrostratus

Thanks for your reply, but regarding VIP port will be 8080 and protocol will be "Other" or what ?

Also, How can I do F5 SSL termination on the VS? you meaning assign SSL Profile for client side. 

Paulius's avatar
Paulius
Icon for MVP rankMVP
Apr 09, 2023

Ireda If you enter the port it should auto-select the appropriate setting. Are you referring to the drop down to the right of the service port that says HTTPS or are you referring to the protocol just below that under the configuration section that should set itself to TCP? If you want to perform SSL termination and pass the traffic decrypted to the pool members you only configure an SSL client profile with a valid SSL cert, key, and intermediate if necessary. If you want to pass encrypted traffic to the pool member after the F5 has done what it needs to you can configure both a SSL client profile and SSL server profile, the SSL server profile can be the default serverssl or other profiles that are already on the F5. You only have to adjust the SSL server profile if you only want to use certain SSL ciphers as well as a few more options.

  • Ireda's avatar
    Ireda
    Icon for Cirrostratus rankCirrostratus
    Apr 09, 2023

    Hi

    Kindly check the attached, are you meaning that? , but this is a migration from Citrix to F5

    In Citrix -------> port 8080 / protocol HTTP and in other VS the protocol is TCP.

    How can I make the port 8080 and protocol HTTP ?

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP
      Apr 09, 2023

      Ireda Those are just configuration differences between Citrix Netscaler and the F5 BIG-IP. On the BIG-IP you specify the TCP protocol rather than HTTP in the protocol section and then in the service port if you select HTTP it will auto-assign port 80. In your case you are specifying port 8080 which isn't an auto-populated name for F5 in the GUI so it states "other" rather than HTTP even though your traffic is HTTP. The nice thing about the F5 is it treats traffic from least specific to most specific by using various profiles such as TCP, HTTP, and so on. If on the Citrix you had port 8080 which accepted encrypted HTTPS traffic your VS on the F5 should be IP plus 8080 and then below it populates TCP as you are seeing in your screenshot. The following link has an unsupported unofficial tool that someone created to migrate from Citrix ADC to F5 BIG-IP which is what you are doing by the sound of it.

      https://community.f5.com/t5/codeshare/citrix-netscaler-to-f5-big-ip/ta-p/277635

      I personally would not use the tool because it's not supported and you will learn much more by manually migrating the configuration but if you are in a time crunch the tool might be the best path forward.