Forum Discussion
Multiple BIG-IP LTM Policies
We currently have a policy applied to a VIP that matches specific text in URI string and sends the traffic to different pools based on the results. This is the only Policy applied, but I would like to also introduce an existing policy that simply inserts information such as TLS version Original Source address and port numbers, this is used for IIS logging.
I am assuming that I could put the Insert Policy above the existing policy and it would insert the headers first then it would follow the existing policy that is in place. I may be overthinking it but wanted to get some input from the expects.
Thanks,
Joe
- Aswin_mkCumulonimbus
You can use x forward for enable for getting actual client ip in backend server(if it's http traffic). If you restrict tls version in F5, then that traffic only accept (you can create client SSL profile and only need to allow Tls1.2 or higher).
- jomedusaAltostratus
Thanks for your response, yes we use the X forward, we are working to restrict the VIP to TLS 1.2, and we use the Policy to send the information that can parsed via Splunk from the IIS logs. It allows us to determine which clients are still utilizing TLS 1.0/1.1 and determine how to remediate that service call or end user application. So would putting that policy above the existing policy allow the HTTP headers values to be inserted for logging purposes and the existing policy still route traffic appropriately?
- Aswin_mkCumulonimbus
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com