For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

irbk's avatar
irbk
Icon for Cirrus rankCirrus
Sep 28, 2023

SSL issues with new setup

We are doing our actual implmentation of the F5 BigIP LTM VM version 17.1.03 (build 0.0.4).  It's a little bit complcated because we are trying to load balance an application (Microsoft Dynamics Navi...
application delivery
LTM
ssl
Paulius's avatar
Paulius
Icon for MVP rankMVP
Sep 28, 2023

irbk Based on the second virtual server configuration, I see that you are passing decrypted traffic to the servers on 443. Did you configure the servers to receive decrypted traffic on 443 because by default they should not allow that? Now SSL bridging is nice but not necessary and completely depends on your security stance and capabilities of the receiving pool members and if they can perform all application functions over HTTP and not HTTPS. If it's not required I would stick with SSL termination at the F5 and passing decrypted traffic to the servers.

irbk's avatar
irbk
Icon for Cirrus rankCirrus
Sep 28, 2023

No, that shouldn't be right.  The servers have to have encrypted traffic, they aren't configured to recive it otherwise.  What setting requres changing?

Actually, the servers arn't even going to be receiving on 443 in the end, this is just how I'm testing to get the certificate issue squared away but the servers do need to recieve encrypted traffic so either the BigIP needs to do a passthrough or we need to setup the SSL Bridging (which I believe is the prefered option for several reasons).