Forum Discussion
Stefan_Klotz
Jan 13, 2021Cumulonimbus
Hi Thiago,
in the serverside context the F5 acts as the client and doesn't interest on the validation of the server certificate (name, issuer, date). So you should be fine to simply use the parent serverSSL profile. Only on the clientside you have to use a specific clientSSL profile with an officially signed certificate matching the name of the DNS from your VS.
And regarding the "failover" of the poolmembers I see two options:
- Only the active member reacts successful on the health-check, so just this member becomes green and gets traffic. In case of an issue with the primary member, the second one becomes active and its monitor gets green.
- All members react successfully on the health-check, so you need to work with priority groups and must define the same order of the other members (in case there are more than two) as the "failover" within the application would do (if this is hopefully not a dynamic algorithm).
Ciao Stefan :)