Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Susheel_308346's avatar
Susheel_308346
Icon for Nimbostratus rankNimbostratus
Jan 22, 2019

SSL offloading on a non-ssl VS

I'd like to set up a virtual server which listens on non-ssl port but the pool members needs to be ssl. Here's the flow, F5 Virtual Server (80) -- Pool (443) and the response should be sent back to 8...
devops
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 23, 2019

Hi Susheel,

 

LTM operates always in a full-proxy mode, where the client side connection and server side connection is completely separated.

 

You can configure the client side connection on whatever port you need (via VS setting) and with or without SSL encryption (via Client-side SSL Profile settings) and combine it with a server side connections on whatever port you need (via Pool Members) with or without SSL encryption (via Server-side SSL Profile). Sky is just the limit in this case...

 

You will only need to deploy an iRule/LTM Policy if your scenario requires to selectively switch between Server-Side-SSL or Server-Side-Plaintext on the same VS.

 

Cheers, Kai