Forum Discussion

Nimbostratus

Oct 07, 2015

Need to configure Https VIP without ssl offloading in F5

i have configured the virtual server for https traffic but without ssl offloading in the F5. ssl offloading done on application server end. I have configured but is it not working showing page cannot...

Kevin_Stewart

Employee

Oct 08, 2015

What you're describing is generally called "SSL tunneling", where the client and server negotiate SSL directly and the load balancer only handles layer 4 (TCP) traffic. The configuration for this is pretty straight forward. You need a VIP with a pool. Done. Because you're not managing SSL (layer 6) traffic, you can't have any application layer profiles either (as in no HTTP profile and/or cookie persistence). The 443 traffic enters the VIP and is blindly load balanced to the 443 pool members. Your best (and really only) option for load balancing persistence is source address.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Need to configure Https VIP without ssl offloading in F5

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

SSL Offloading and Backend pool https

wccp configuration for SSL Orchestrator

HTTPS offload rewriting

FTPS Offload via iRules

F5 BIG-IP Advanced WAF – DOS profile configuration options.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS