For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mlwebster's avatar
mlwebster
Icon for Cirrus rankCirrus
Oct 28, 2022

Mutual TLS reference architecture

Hi F5 community, I’m looking for a mutual TLS (2-way TLS) reference architecture document showing flows from client via Big-IP LTM to server. I need to have defined external client connections auth...
application delivery
security
PSFletchTheTek's avatar
PSFletchTheTek
Icon for Cumulonimbus rankCumulonimbus
Oct 28, 2022

TLS is normally done by certificates.
So you'd need a cert on the VS and one on the client. 
And you can then tell the server config to enforce the trust,

The normal issue here is managing and maintaining the certificate on the client's.

It can also be done between f5 and the web servers, as there internal and fixed that's normally a little easier!
Just make sure the certs are kept up to date otherwise they'll all die!
Normally worth renewing each certificate at last a week a part on each web server to try to manage that.