Forum Discussion

Nimbostratus

Oct 13, 2009

SSL pass-through configuration

Can someone tell me how to I configure SSL pass-through for Standard VS? Basically we dont want to have SSL offloading on LTM and the server should have SSL cert. I have used 2 options suggested by F5...

Cirrostratus

Nov 17, 2009

There are a few options (in order by what I think your requirements are):

1. Standard TCP VIP without any client or server SSL using SSL session ID persistence. No HTTP inspection or modification possible.

2. Standard TCP VIP with a client and server SSL profile. This would add load to both LTM and the servers for decrypting and re-encrypting the SSL, but would allow you to inspect and modify the HTTP on LTM and keep all traffic on the wire encrypted.

3. Use a performance layer 4 VIP and no client or server SSL profiles. This is the fastest in terms of LTM processing, but also the most limited in terms of functionality. You cannot use client or server SSL, an HTTP profile for inspection or modification, cookie insert persistence, etc.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL pass-through configuration

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Expired client-certificate

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

XC - geo LB to the origin servers

Floating Ip Problem

F5 rSeries || Upgrade tenant

Related Content

wccp configuration for SSL Orchestrator

F5 BIG-IP SSL Orchestrator Configuration with Advanced WAFaaS

Implementing SSL Orchestrator - Guided Configuration

Customised https port with ssl pass through

How to configure SSL Pass-through

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS