John_Krum
Jul 07, 2021
Policies to move HTTPS traffic
I am trying to share a 443 NAT on a firewall sending traffic to the LTM. Once it gets to the F5 I want formview.xxx.org to go to pool-Forms and WEBview.xxx.org to go to pool-WEB. Is that possible wit...
Daniel_Wolf
Hi John,
Yes, it is possible. You could use LTM Traffic Policies to match the HTTP Host value and forward traffic to the pool accordingly. Get started with this article: devcentral - LTM Policy
A policy rule could look like this
And for the SSL profile take a look at this solution: K13452: Configure a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature
With SNI you can configure which SSL certificate will be used to authenticate the VS to the client and to secure the connection.
KR
Daniel
John_Krum
Jul 07, 2021
Daniel,
Looking closer at the pcaps and the conf VS to serve multiple HTTPS sites I switched up my policy. Now I can see that the policy is getting both invoked and succeeded hits of equal amounts.
DMZ-Cop is
Match
SSL Extension -> server name -> is -> any of -> Viewforms.mycompany.org or viewforms -> at client hello
Do the following
Forward traffic -> to pool -> viewforms-pool
I have the same end results. No Server hello in reply to the client hello. I assume this is due to the fact that the server has the cert and I am directing traffic to it via a profile?
Thanks again,
John Krumenacher