SSL Offload and re-encrypt traffic between Route Domains

Question

SSL Offload and re-encrypt traffic between Route Domains &nbsp;
like use NGFW features (IPS &amp; AV) with F5 LTM. Traffic flow will be External client --- &gt; fw1 --- &gt; LTM (RD -01) --- &gt; fw2 ---- &gt; LTM (RD -02) --- &gt; pool member ( web server)&nbsp;
SSL offload needs to be done on LTM (RD -01) without any pool members. Server SSL need to be done on LTM (RD -02) to re-encrypt the traffic. &nbsp;
Could I please have some guidance to create an irule if that works?&nbsp;

kevin_stewart · Answer

Sanjeewa, you don't really need route domains if this is all layer 3 traffic. You simply need to create separate VLANs and self-IP subnets between each FW.&nbsp;
External client talks to FW1 on subnet1FW1 talks to LTM on subnet2LTM pools to FW2 on subnet3FW2 default routes back to TLM on subnet4LTM pools to web server on subnet5
Subnets 2 through 4 would all be internal, and as long as address translation is disabled, the destination IP could remain unchanged until you get to the LTM pool.&nbsp;

Forum Discussion

SSL Offload and re-encrypt traffic between Route Domains

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

Related Content

SSL Full Proxy - SSL Re-Encryption performance degradation

SSL Offloading and Backend pool https

S3 Traffic Optimization with F5 BIG-IP & NetApp StorageGRID

HTTPS offload rewriting

FTPS Offload via iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS