Forum Discussion
Qasim
Cirrostratus
CirrostratusSending traffic to pool nodes on Secure port?
Hi,
Just need a little information on how the LTM works when sending traffic to pool nodes. I want to offload ssl on LTM but also want to use secure port for backend nodes.
E.g. I want VS to use port tcp/443 but backend pools on 1443, 8443 and other Secure ports. this is so I can use IRULES to manipulate http headers. Also, would I need to install a certificate on the LTM for backend nodes as well?
I look forward to hearing from you soon.
Regards,
Lee_SutcliffeNacreous
SSL offloading is when SSL is terminated on F5 on the client-side. This requires a client-ssl profile and HTTP profile assigning to the virtual server.
To re-encrypt traffic to your pools you will need to use a server-ssl profile to encrypt the server-side connection.
Using this method you can manipulate HTTP headers as F5 is in the middle of each SSL termination and is able to provide end to end encryption
K14806: Overview of the Server SSL profile (11.x - 15.x)
- Lee_Sutcliffe
You do not need a root certificate for the server side connection, as F5 by default does not care about the validity of the server side certificate
Qasimthanks Lee for your swift response. one more question sorry, would I need to install the root cert somewhere to validate the Public key presented by the backend server to the LTM? if so, where in the f5 will I need to install that certificate?
Kind regards,
- Qasim
Nice one Lee. really appreciate you explanation.
- Qasim
Hi Lee,
Wondering if you can help with this other question that I asked a few weeks back:
https://devcentral.f5.com/s/question/0D51T00006kFxYqSAK/gtm-ltmvsirule-and-dynamic-failover
kind regards