Is it possible to load balance TN3270 over SSL?

Question

Our end-users wants to do the following:&nbsp;
End-User: IBM TN3270 Client using TCP Port 1023 (unencrypted) to the VIP
F5: Standard TCP VIP using Port 1023 to take the Unencrypted traffic from the end-user and encrypt the traffic to the mainframe which would be setup as a node in the pool using 1024.
Mainframe: IBM Mainframe with the Telnet server configured for SSL using TCP Port 1024.&nbsp;
The connectivity direct to the Mainframe using port 1024 works using a newer version of the TN3720 client.&nbsp;
We would like to know if it is possible to load-balance this traffic with the F5 so that the TN3720 client does not have to be redeployed for the SSL configuration for the new Mainframe that we are migrating to.  We are assuming that we are going to have to do a server-side SSL profile to make this work, but so far, no luck.&nbsp;
Any feedback will be welcome.&nbsp;

nitass · Answer

We are assuming that we are going to have to do a server-side SSL profile to make this work, but so far, no luck.

can you post the virtual server configuration?
 tmsh list ltm virtual (name)

have you tried tcpdump/ssldump? what did you get?

Forum Discussion

Is it possible to load balance TN3270 over SSL?

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

irule execution error

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Show or List F5 XC Routes in the Web

Related Content

Transparent Load Balancing in Azure

Four Active/Active load balancing examples with F5 BIG-IP and Azure Load Balancer

What is Load Balancing?

Load Balancing WebSockets

Load Balancing TCP TLS Encrypted Syslog Messages

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS