Forum Discussion
williamcs
Nimbostratus
NimbostratusPersistence for https
How to remain the client to the same pool member in the https traffic if not enable ssl profile in F5? I have tried cookie persistence but failed because I don't enable client ssl profile. I have tr...
Hi williamcs ,
Like Mohamed_Salah_ recommended in Source address affininty method.
Just I want to add , if you don't want to do any ssl terminations through F5 bigip.
I recommend to use ssl-proxy feature with adding ( Client and server ssl profiles ) , using this bigip will let the backend servers to do ssl negotiations and bigip will be in between ( client - servers ) and see the http payload dycrypted but without any actions or participating in ssl negotiations.
So using this you can meet your current deployment of making bigip not to negotiate on ssl and bigip will be able to insert cookie persistence.
ssl-proxy is very useful when you want to secure your application through AWAF policies without terminating ssl connections , also u can use it to work with irules or inserting cookies ,
in the following article , you will know how to deploy SSL-PROXY feature with steps :
https://my.f5.com/manage/s/article/K13385