Forum Discussion

williamcs
Nimbostratus
Sep 04, 2023

Persistence for https

How can I keep a client on the same pool member for HTTPS traffic if no SSL profile is enabled on the F5?

I have tried cookie persistence, but it failed because I don't enable a client SSL profile. I have tried source address persistence, but it doesn't work if the client IP changes.


  • Hello,

    I think you can try terminating the SSL connection by adding an SSL profile, as the best way for HTTP persistence is the cookie option. And as you mentioned, you cannot use it without an SSL profile.

    Or you can try changing the source address settings to increase the mask from /32 to /24, for example, to match on a larger range of IPs instead of one. So if a client IP changes but stays within the subnet, F5 can still find a match for the client.

    Thanks,


  • Hi williamcs,
    Like Mohamed_Salah_ recommended, the source address affinity method.

    I just want to add, if you don't want to do any SSL termination through F5 BIG-IP:
    I recommend using the SSL proxy feature with adding (client and server SSL profiles). Using this, BIG-IP will let the backend servers do the SSL negotiation, and BIG-IP will be in between (client - servers) and see the HTTP payload decrypted, but without any actions or participating in the SSL negotiation.

    So using this you can meet your current deployment of making BIG-IP not negotiate SSL, and BIG-IP will be able to insert cookie persistence.

    SSL proxy is very useful when you want to secure your application through AWAF policies without terminating SSL connections; also you can use it to work with iRules or insert cookies.

    In the following article, you will find how to deploy the SSL proxy feature with steps:
    https://my.f5.com/manage/s/article/K13385


  • Thank you for your fast reply.

    But the end user's security team does not allow us to install an SSL cert on the F5. So I'm not able to use any SSL profile.

    Do I have another way to do it?

    • Well williamcs,

      in this case you have to follow Mohamed_Salah_'s recommendation of extending the source address affinity persistence subnet range and monitor the flows.

      You can't use cookies without SSL decryption and an HTTP profile as well.
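The recommendation in Mohamed_Salah_'s first reply and repeated in the last one, widening the source address persistence mask from /32 to /24, is easy to reason about with a small model. The following Python is an added example, not code from the thread or from F5; it does not talk to a BIG-IP. It models how a source-address persistence record is keyed (the client address masked to the configured width) in front of a round-robin pool, so you can see both why a /24 mask survives a client IP change within the subnet and what it costs: every client in that /24 lands on one pool member. The pool member addresses and client addresses are constructed for the example.

```python
import ipaddress
from itertools import cycle

# Constructed pool members (hypothetical addresses, not from the thread).
POOL_MEMBERS = ["10.0.0.11:443", "10.0.0.12:443", "10.0.0.13:443"]


def persistence_key(client_ip: str, mask_bits: int) -> str:
    """Return the key a source-address persistence record is stored under.

    The client address is masked to mask_bits: a /32 keys on the exact
    address, a /24 keys on the containing /24 network. This mirrors the
    Mask setting of a source_addr persistence profile.
    """
    net = ipaddress.ip_network(f"{client_ip}/{mask_bits}", strict=False)
    return f"{net.network_address}/{mask_bits}"


class SourceAddrPersistence:
    """Toy model of source address affinity in front of a round-robin pool."""

    def __init__(self, members, mask_bits: int):
        self.mask_bits = mask_bits
        self._rr = cycle(members)   # round-robin when no record exists yet
        self.records = {}           # persistence key -> chosen pool member

    def select(self, client_ip: str) -> str:
        """Return the member for this connection, creating a record if needed."""
        key = persistence_key(client_ip, self.mask_bits)
        if key not in self.records:
            self.records[key] = next(self._rr)
        return self.records[key]


def simulate(mask_bits: int, client_ips):
    """Return the pool member chosen for each connection, in order."""
    lb = SourceAddrPersistence(POOL_MEMBERS, mask_bits)
    return [lb.select(ip) for ip in client_ips]


def members_in_use(mask_bits: int, client_ips) -> int:
    """How many distinct members the traffic was spread over (distribution check)."""
    return len(set(simulate(mask_bits, client_ips)))


# Constructed scenario: one user arrives from two addresses in the same /24
# (e.g. a NAT pool rotating its egress address), then an unrelated user from
# a different /24.
CONNECTIONS = ["203.0.113.10", "203.0.113.77", "203.0.113.10", "198.51.100.5"]

if __name__ == "__main__":
    for bits in (32, 24):
        print(f"/{bits}: {simulate(bits, CONNECTIONS)}  "
              f"members used: {members_in_use(bits, CONNECTIONS)}")
```

With a /32 mask the second connection from 203.0.113.77 gets a fresh record and a different member, which is the failure the question describes. With a /24 mask all three connections from 203.0.113.0/24 share one record and one member, but so will every other client in that subnet, so after widening the mask check the per-member connection counts on the pool to make sure one large NAT range is not pinning most of your traffic to a single server. Persistence keyed on source address is also shared by everyone behind that address or range; it keeps a client on a server, it does not identify a client.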