For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Pihu_294516's avatar
Pihu_294516
Icon for Altostratus rankAltostratus
Aug 09, 2018

SSL Passthrough, SSL Offloading and SSL Bridging

Hi all,   Can anyone help me understand how to configure VIPs SSL Passthrough, SSL Offloading and SSL Bridging scenarios? What components are taken into consideration for each of the requirement a...
application delivery
LTM
TMOS
Faruk_AYDIN's avatar
Faruk_AYDIN
Icon for Altostratus rankAltostratus
Aug 09, 2018

 

1-) SSL Offloading: It means that client to F5 traffic is encrypted, SSL ends on F5, then clear text traffic goes through from F5 to server. ClientSSL profile is needed and http monitor is used for servers. You can also add http profile and optimize traffic according to Layer 7 traffic. Cookie persistency can be used.

 

2-) SSL Bridging: It means that client to F5 traffic is encrypted, and F5 to server traffic is encrypted. But each site has separate SSL session. ClientSSL and ServerSSL profile are needed, https monitor is used for servers. You can also add http profile and optimize traffic according to Layer 7 traffic. Cookie persistency can be used.

 

3-) SSL passthrough: It means that F5 only load balances traffic at TCP level and SSL ends on Servers. You should NOT add clientSSL and serverSSL profile. You CANNOT use http profile, therefore you CANNOT optimize layer 7 traffic. Cookie persistency CANNOT be used.