Forum Discussion

Sly_85819's avatar
Sly_85819
Icon for Nimbostratus rankNimbostratus
Oct 13, 2009

SSL pass-through configuration

Can someone tell me how to I configure SSL pass-through for Standard VS? Basically we dont want to have SSL offloading on LTM and the server should have SSL cert. I have used 2 options suggested by F5...
application delivery
dev
devops
iRules
RiadSanchz's avatar
RiadSanchz
Icon for Cirrus rankCirrus
Feb 07, 2018

Is there any F5 documentation explaining SSL pass-through and how to configure it?

 

Robell_Pontes_7's avatar
Robell_Pontes_7
Icon for Nimbostratus rankNimbostratus
Feb 07, 2018

ssl traffic can be processed in 3 ways:

 

a) ssl offloading, where the traffic is encrypted from the client to the F5 and then the F5 decrypts it (terminates the SSL) and sends it to the backend "plain". you need a ClientSSL profile for this.

 

b) ssl bridging, where the traffic is encrypted from the client to the F5 and then the F5 decrypts it, usually to perform some sort of layer 7 operation (such as apply an irule to check the http request) but then the traffic is encrypted again before being sent to the backed. you need a ClientSSL profile and a ServerSSL for this.

 

c) there's nothing to configure for ssl 'passthrough'. It just means the SSL traffic is passed as it is through the F5 to the backend servers, not terminated on the F5. No layer 7 processing can be performed on the F5 as traffic is encrypted.