
Forum Discussion

Qasim
Jun 12, 2019

Sending traffic to pool nodes on Secure port?

Hi,

Just need a little information on how the LTM works when sending traffic to pool nodes. I want to offload SSL on the LTM but also want to use a secure port for backend nodes.

E.g. I want the VS to use port tcp/443 but backend pools on 1443, 8443 and other secure ports. This is so I can use iRules to manipulate HTTP headers. Also, would I need to install a certificate on the LTM for backend nodes as well?

I look forward to hearing from you soon.

Regards,

5 Replies

  • SSL offloading is when SSL is terminated on F5 on the client-side. This requires a client-ssl profile and an HTTP profile to be assigned to the virtual server.

    To re-encrypt traffic to your pools you will need to use a server-ssl profile to encrypt the server-side connection.

    Using this method you can manipulate HTTP headers, as F5 is in the middle of each SSL termination and is able to provide end-to-end encryption.

    K14806: Overview of the Server SSL profile (11.x - 15.x)

    https://support.f5.com/csp/article/K14806

  • Qasim

    Thanks Lee for your swift response. One more question, sorry: would I need to install the root cert somewhere to validate the public key presented by the backend server to the LTM? If so, where in the F5 will I need to install that certificate?

    Kind regards,

  • You do not need a root certificate for the server-side connection, as F5 by default does not care about the validity of the server-side certificate.

  • Qasim

    Nice one Lee. Really appreciate your explanation.
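
The setup discussed in this thread, written out as tmsh commands: client-side termination on 443, re-encryption to pool members on 8443, and the default server-ssl behaviour (backend certificate not checked) beside a profile that does validate it. This is an added example, not configuration posted by anyone in the thread; every object name, address, hostname and file path is an assumed placeholder.

```tmsh
# Added example. Names, addresses and paths below are placeholders.
# Lines starting with '#' are annotations.

# Backend pool listening on a TLS port (8443 here).
create ltm pool app_pool_8443 monitor https members add { 198.51.100.11:8443 198.51.100.12:8443 }

# Default behaviour described in the thread: the server-ssl profile
# encrypts the server-side connection but does not validate the
# certificate the pool member presents (peer-cert-mode ignore).
create ltm profile server-ssl backend_serverssl_novalidate defaults-from serverssl peer-cert-mode ignore

# Validating variant: import the CA that issued the backend
# certificates, then require a certificate that chains to it and
# that carries the expected name.
install sys crypto cert backend-ca.crt from-local-file /var/tmp/backend-ca.crt
create ltm profile server-ssl backend_serverssl_verify defaults-from serverssl peer-cert-mode require ca-file backend-ca.crt authenticate-name app.internal.example

# Virtual server on 443: client-ssl terminates the client connection,
# the http profile exposes headers to iRules, and the server-ssl
# profile re-encrypts towards the pool. The built-in clientssl profile
# stands in for a site-specific one with the real certificate and key.
create ltm virtual vs_app_443 destination 192.0.2.10:443 ip-protocol tcp pool app_pool_8443 source-address-translation { type automap } profiles add { tcp { } http { } clientssl { context clientside } backend_serverssl_verify { context serverside } }

# Check which validation mode a profile is using.
list ltm profile server-ssl backend_serverssl_verify peer-cert-mode ca-file authenticate-name
```

With `peer-cert-mode require`, the server-side handshake fails if a pool member presents a certificate that does not chain to `backend-ca.crt` or does not match `authenticate-name`, so confirm the backend certificates first.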