Forum Discussion
BigIP Linux command line client
- Dec 06, 2022
Hi, Alex
Bugs apart (let's assume we live in a perfect world for a minute), I always like to activate mirroring when I know traffic is SSL-based, whether the F5 terminates SSL sessions or not.
The idea is precisely what you mentioned - making life easier for endpoints, who don't have to recreate all the SSL sessions in the event of a failover. If you don't have SSL termination, or if you do but re-encrypt traffic for the server-side, "endpoints" means client and server. You may not be worried with performance issues on the client machine, but tipically you want to take that load off your servers, even if it means putting a little extra load on the F5 machines.
About performance on the F5 itself, the only way to know if you are having a big impact is by monitoring. If your system is very underloaded, even when doing mirroring, I would say keep it that way. If you are near any limits (CPU or RAM), disabling mirroring might help if there are a big number of sessions.
/Mike
Certificate error presented in the client's browser? This means there's a mismatch in the common name or subject alternative names of the certificate versus what FQDN the client specified in their browser to reach the website.
You'll need to apply a certificate to vs-B and vs-C that includes the FQDN requested either as the certificate common name or as a subject alternative name (SAN).
- zamroni777Jul 31, 2024
MVP
is signature staging enabled?
- amine-elhijaziJul 31, 2024
Altocumulus
Hello ,
I belive it's not blocking because , in the list of the urls , you have a wild card url : * , and this wildcard is on staging .
So to block ( special charachter , method , or attack signature in the context ) in the context , it should not be on staging .
the same as well for parameters ,
Please let me know if it's something else ^^regards ,