Forum Discussion

Nimbostratus

Oct 13, 2009

SSL pass-through configuration

Can someone tell me how to I configure SSL pass-through for Standard VS? Basically we dont want to have SSL offloading on LTM and the server should have SSL cert. I have used 2 options suggested by F5...

Nimbostratus

Feb 07, 2018

Is there any F5 documentation explaining SSL pass-through and how to configure it?

Robell_Pontes_7
Nimbostratus
Feb 07, 2018
ssl traffic can be processed in 3 ways:

a) ssl offloading, where the traffic is encrypted from the client to the F5 and then the F5 decrypts it (terminates the SSL) and sends it to the backend "plain". you need a ClientSSL profile for this.

b) ssl bridging, where the traffic is encrypted from the client to the F5 and then the F5 decrypts it, usually to perform some sort of layer 7 operation (such as apply an irule to check the http request) but then the traffic is encrypted again before being sent to the backed. you need a ClientSSL profile and a ServerSSL for this.

c) there's nothing to configure for ssl 'passthrough'. It just means the SSL traffic is passed as it is through the F5 to the backend servers, not terminated on the F5. No layer 7 processing can be performed on the F5 as traffic is encrypted.
RiadSanchz_3395
Nimbostratus
Feb 07, 2018
Thank you so much for the response.. Server Team asked me to setup the a new VS and set it up as ssl pass-through. So basically I do nt have to attach and SSL Profile to the VS as I would in SSL offloading.