For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Nov 10, 2022

Is there Limitation of irule "virtual".. can we do it like this?

Hi We have BIG-IQ and BIG-IP AWAF. I see that BIG-IQ application dashboard is show only 1 application per virtual server. But in BIG-IP AWAF.. we config it as 1 virtual server 100 application (mul...
advanced waf
application delivery
BIG-IQ
devops
irule
virtual
kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Nov 11, 2022

Thank you for answer JRahm

May I've another question.. We perform ssl bridging on F5 AWAF (VIP port 443 and pool port 443.. decrypt to scan waf and reencrypt again)

when I use irule "virtual".. Do I need to reencypt before send it to VS_private ?
Flow will be like 
Client > VIP:443 > Decrypt > irule send to virtual > (1) what port I need to use on Virtual private ?  is it 80?

if it port 80.. So I need to config Virtual_Private to use port 80 with only serverssl profile to re-encrypt it to 443 before send to server , am I correct?
I'm concern about multiple decrypt/encrypt which might affect latency

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Nov 11, 2022

your thought there is correct, you don't want to re-encrypt between the virtual servers on the same backplane. Decrypt on the front-end virtual server with a clientssl profile, re-encrypt on the back-end virtual servers with a serverssl profile.