For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jomedusa's avatar
jomedusa
Icon for Altocumulus rankAltocumulus
Aug 15, 2024

Multiple BIG-IP LTM Policies

We currently have a policy applied to a VIP that matches specific text in URI string and sends the traffic to different pools based on the results.  This is the only Policy applied, but I would like ...
application delivery
Aswin_mk's avatar
Aswin_mk
Icon for MVP rankMVP
Aug 15, 2024

You can use x forward for enable for getting actual client ip in backend server(if it's http traffic). If you restrict tls version in F5, then that traffic only accept (you can create client SSL profile and only need to allow Tls1.2 or higher).

jomedusa's avatar
jomedusa
Icon for Altocumulus rankAltocumulus
Aug 15, 2024

Thanks for your response, yes we use the X forward, we are working to restrict the VIP to TLS 1.2, and we use the Policy to send the information that can parsed via Splunk from the IIS logs.  It allows us to determine which clients are still utilizing TLS 1.0/1.1 and determine how to remediate that service call or end user application.  So would putting that policy above the existing policy allow the HTTP headers values to be inserted for logging purposes and the existing policy still route traffic appropriately?

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Aug 16, 2024

    Hi jomedusa Yes, you can have multiple LTM policies on a single VIP and it will be processed based on the order you have set. You can also have all the conditions to match under single policy also. Its upto you how do you want to configure it. Hope it helps!

  • Aswin_mk's avatar
    Aswin_mk
    Icon for MVP rankMVP
    Aug 17, 2024

    Hi jomedusa

     

    Hope your query resolved and helped for implementation.