Forum Discussion

jomedusa's avatar
jomedusa
Icon for Altostratus rankAltostratus
Aug 15, 2024

Multiple BIG-IP LTM Policies

We currently have a policy applied to a VIP that matches specific text in URI string and sends the traffic to different pools based on the results.  This is the only Policy applied, but I would like ...
application delivery
Aswin_mk's avatar
Aswin_mk
Icon for Cumulonimbus rankCumulonimbus
Aug 15, 2024

You can use x forward for enable for getting actual client ip in backend server(if it's http traffic). If you restrict tls version in F5, then that traffic only accept (you can create client SSL profile and only need to allow Tls1.2 or higher).

  • jomedusa's avatar
    jomedusa
    Icon for Altostratus rankAltostratus
    Aug 15, 2024

    Thanks for your response, yes we use the X forward, we are working to restrict the VIP to TLS 1.2, and we use the Policy to send the information that can parsed via Splunk from the IIS logs.  It allows us to determine which clients are still utilizing TLS 1.0/1.1 and determine how to remediate that service call or end user application.  So would putting that policy above the existing policy allow the HTTP headers values to be inserted for logging purposes and the existing policy still route traffic appropriately?

    • Mayur_Sutare's avatar
      Mayur_Sutare
      Icon for MVP rankMVP
      Aug 16, 2024

      Hi jomedusa Yes, you can have multiple LTM policies on a single VIP and it will be processed based on the order you have set. You can also have all the conditions to match under single policy also. Its upto you how do you want to configure it. Hope it helps!

    • Aswin_mk's avatar
      Aswin_mk
      Icon for Cumulonimbus rankCumulonimbus
      Aug 17, 2024

      Hi jomedusa

       

      Hope your query resolved and helped for implementation.