Hi
You need some logic within the CLIENT_ACCEPTED Event for this. Something like this for a single IP.....this will look for a connection from 10.10.10.10 and apply a different SSL profile. All other connections will used the default config of the VIP
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
SSL::profile new_clientssl
}
}
You can expand out for look for a subnet
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } {
SSL::profile new_clientssl
}
}
or use a DataGroup if you want to....
when CLIENT_ACCEPTED {
if { [class match [IP::client_addr] equals source_ip] } {
SSL::profile new_clientssl
}
}