SSL offloading on a non-ssl VS

Question

I'd like to set up a virtual server which listens on non-ssl port but the pool members needs to be ssl.
Here's the flow,
F5 Virtual Server (80) -- Pool (443) and the response should be sent back to 80 to Virtual server.
How should I achieve this ? iRule or through SSL profiles ? enabling server ssl and client ssl to empty? will it do it ?&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
The answer is in the question!!!&nbsp;
If the virtual server have a serverssl profile without clientssl, it will have the expected behavior!&nbsp;

kai_wilke · Answer

Hi Susheel,&nbsp;
LTM operates always in a full-proxy mode, where the client side connection and server side connection is completely separated.&nbsp;
You can configure the client side connection on whatever port you need (via VS setting) and with or without SSL encryption (via Client-side SSL Profile settings) and combine it with a server side connections on whatever port you need (via Pool Members) with or without SSL encryption (via Server-side SSL Profile). Sky is just the limit in this case...&nbsp;
You will only need to deploy an iRule/LTM Policy if your scenario requires to selectively switch between Server-Side-SSL or Server-Side-Plaintext on the same VS.&nbsp;
Cheers, Kai&nbsp;

Forum Discussion

SSL offloading on a non-ssl VS

2 Replies

How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Orchestrator and Traffic Flows

ISV logging in 17.1.2.2

Issue with 2 parallel F5 clusters

Version 17.5.1 as next move?

Upgrade Path for BIG-IP 2000 – Out of Warranty and EoRMA Status

Related Content

Redirect Non-SSL Requests on SSL Virtual Server Rule

SSL Offload with HTTP/2.0

have ssl and non ssl pools (or pool members) for a VS

F5 SSL Offload behind Nginx Reverse Proxy

SSL Offloading for specific IPs or range of IPs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS