send HTTPS without descrypt

Question

Hi, I client asked me about if it is possible to balancing https traffic without decrypt the packets in our F5. He doesn´t want our F5 open his packets.
Is it possible send https traffic directly to his servers?
My F5 is a big-ip 4000&nbsp;
Thanks&nbsp;
Matias  &nbsp;

leonardo_souza · Answer

Yes, just don't add any clientssl or serverssl profile to the virtual server.
The SSL handshake, encryption, and decryption will be handled by client and server.&nbsp;
Don't forget that as you are not able to see the HTTP payload, you can't add a HTTP profile to the virtual server, neither you can use cookie persistence for example.&nbsp;

janholtz · Answer

Sure.
If you need to proxy TCP then a standard virtual server will do the trick.&nbsp;
If no tcp proxying is needed, use a FastL4 profile, where only destination (and possibly source) address and ports are changed by the F5.&nbsp;
//Jan&nbsp;

Forum Discussion

send HTTPS without descrypt

Recent Discussions

XC Bot defense question

UCS backup not loading Big IP DNS pool

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

BIG-IP Oauth Client and AS

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Related Content

The HTTP/2 CONTINUATION frame attack

(HTTP) Redirection via Arbitrary Host Header

HTTP To HTTPS Redirect 301

Handling HTTP Requests on an HTTPS Virtual Server

iRule to take cookie from HTTP Response into HTTP Request via table

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS