Forum Discussion

Nimbostratus

Aug 31, 2009

SSL in backend servers does not support cookie persistence?

I have three IIS servers behind the F5. SSL function is not offloaded to F5. I have enabled certificates on the IIS servers to encrypt the connection. If I choose "none" for my http pr...

Nimbostratus

Aug 31, 2009

Skyout: think of it this way - if you're terminating SSL on the servers, the BigIP has no visibility above layer 4 (basic TCP level stuff). Cookies and such are up at layer 7, and an HTTP profile applied to a virtual server essentially tells the BigIP "this is a layer 7 virtual server". This is why you're not working correctly.

To accomplish what you want, use a client ssl profile and re-encrypt back (via a server ssl profile) to your IIS systems. This way you'll have full visibility and can do what you need to do.

-Matt

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL in backend servers does not support cookie persistence?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

F5 XC – Persistence and Resiliency pt. I (persistence)

SSL Offloading and Backend pool https

DNS load balancing to backend servers using GTM/LTM.

Overview of MITRE ATT&CK Tactic : TA0003 - Persistence

Backend server IP not visible in TCP dump

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS