For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Krum's avatar
John_Krum
Icon for Cirrus rankCirrus
Jul 07, 2021

Policies to move HTTPS traffic

I am trying to share a 443 NAT on a firewall sending traffic to the LTM. Once it gets to the F5 I want formview.xxx.org to go to pool-Forms and WEBview.xxx.org to go to pool-WEB. Is that possible wit...
application delivery
BIG-IP
iRules
policy
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jul 07, 2021

Hi John,

 

yes, it is possible. You could use LTM Traffic Policies to match the HTTP Host value and forward traffic to the pool accordingly. Get started with this article: devcentral - LTM Policy

A policy rule could look like this

And for the SSL profile take a look at this solution: K13452: Configure a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature

With SNI you can configure which SSL certificate will be used to authenticate the VS to the client and to secure the connection.

 

KR

Daniel

 

 

John_Krum's avatar
John_Krum
Icon for Cirrus rankCirrus
Jul 07, 2021
Daniel, Looking closer at the pcaps and the conf VS to serve multiple HTTPS sites I switched up my policy. Now I can see that the policy is getting both invoked and succeeded hits of equal amounts. DMZ-Cop is Match SSL Extension -> server name -> is -> any of -> Viewforms.mycompany.org or viewforms -> at client hello Do the following Forward traffic -> to pool -> viewforms-pool I have the same end results. No Server hello in reply to the client hello. I assume this is due to the fact that the server has the cert and I am directing traffic to it via a profile? [cid:image003.jpg@01D77337.919E86C0] Thanks again, John Krumenacher