Sending traffic to pool nodes on Secure port?

Question

Hi,&nbsp;Just need a little information on how the LTM works when sending traffic to pool nodes. I want to offload ssl on LTM but also want to use secure port for backend nodes.&nbsp;E.g.  I want VS to use port tcp/443 but backend pools on 1443, 8443 and other Secure ports. this is so I can use IRULES to manipulate http headers.  Also, would I need to install a certificate on the LTM for backend nodes as well?&nbsp;&nbsp;I look forward to hearing from you soon.&nbsp;Regards,

lee_sutcliffe · Answer

SSL offloading is when SSL is terminated on F5 on the client-side. This requires a client-ssl profile and HTTP profile assigning to the virtual server.&nbsp;To re-encrypt traffic to your pools you will need to use a server-ssl profile to encrypt the server-side connection. Using this method you can manipulate HTTP headers as F5 is in the middle of each SSL termination and is able to  provide end to end encryption&nbsp;K14806: Overview of the Server SSL profile (11.x - 15.x)https://support.f5.com/csp/article/K14806

lee_sutcliffe · Answer

You do not need a root certificate for the server side connection, as F5 by default does not care about the validity of the server side certificate

qasim · Answer

thanks Lee for your swift response. one more question sorry, would I need to install the root cert somewhere to validate the Public key presented by the backend server to the LTM?  if so, where  in the f5 will I need to install that certificate?&nbsp;Kind regards,

qasim · Answer

Nice one Lee. really appreciate you explanation.

qasim · Answer

Hi Lee,&nbsp;Wondering if you can help with this other question that I asked a few weeks back:https://devcentral.f5.com/s/question/0D51T00006kFxYqSAK/gtm-ltmvsirule-and-dynamic-failover&nbsp;kind regards

Forum Discussion

Sending traffic to pool nodes on Secure port?

5 Replies

Recent Discussions

My Journey to Passing the F5 402 Cloud Solution Specialist Exam: Tips & Guide

Trial License for F5 virtual edition in eve-ng

Migrate HW GTM 2600

Sending LTM\GTM logs to DCD devices

F5 Send email and snmp trap from LTM log event

Related Content

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Quarterly Security Notification October 2025

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

Tightening the Security of HTTP Traffic Part 2

Tightening the Security of HTTP Traffic part 1