Forum Discussion
SNI Implementation
Thank you both for the explanations. I should have added in my original post that this was my first time working with anything SNI, so maybe I have a misunderstanding that I haven't realized yet.
I now understand that not seeing the server_name extension from the server side of the BIGIP is the expected behavior, but that design decision confuses me. Currently, without the BIGIP involved, the web front end receives client hello packets with this extension and it works properly. So why wouldn't the BIGIP be designed to send them?
On the web front end, IIS currently has only two sites. One is configured to require SNI (this is a check box in the binding section), the other site has the box unchecked. The box being checked for the one site gave me the impression that the site won't work without the server_name extension.
In the mean time, I will attempt my configuration like the diagram by Rodrigo.
I've read a bit about the SSL Forward Proxy and I can see how the web server in the pool will get the server_name extension. But I cannot have two certificates and keys in the client ssl profile, so do I just configure two separate client ssl profiles and add them both to the virtual server? I'm not sure what certificates are supposed to be in the SSL Forward Proxy portion of the configuration either.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com