Forum Discussion
Bartek
Cirrus
Cirrusremove "requires { http ssl-persistance }" from policy
Whenever I create a policy it adds it's own, default configuration snippets in the config. The one that gives me trouble is: requires { http ssl-persistence } When the policy is created, but only...
OK, so i actually got it, and learned a ton about policies in the process.
The most important thing is that the policy assumes http event if not told otherwise. In this case adding an "ssl-client-hello" after forward action changed this assumption to ssl event. This is also true for actions that (according to specs) have nothing to do with http - I guess something that F5 overooked.
But wait, there is more - there is no way at all to add the ssl-client-hello while preparing the policy in GUI. You need to prepare it as far as possible and edit or modify the policy in TMSH (the latter is more elegant, but edit is easier and also does the job) to add the ssl-client_hello action. This automatically removes http from aspect and leaves just the desired ssl-persistence which in result allows to remove unwanted http profile from VIP.
Stanislas_Piro2
Cumulonimbus
CumulonimbusSsl extension conditions require ssl-persistence profile...
so so you can’t remove it from policy
BartekCirrus
CirrusI had no beef with ssl-persistence. It was the HTTP that gave me headaches. Anyway I found the solution eventually and described it below.
Thanks