SSL Passthrough to NDES Server

Question

Hi all,&nbsp;
I have a client who is using a BIG-IP appliance as a reverse proxy, if you will. They plan to put a MS NDES server behind the BIG-IP, which accepts connections from clients on the Internet. However they don't want the BIG-IP to terminate SSL, they want the NDES server to do this. I understand we lose SSL inspection capabilities.&nbsp;
How is this setup from a Virtual Server Perspective?&nbsp;
Do I even need an SSL certificate on the F5 for this connection? &nbsp;
What about client/server SSL profiles? Do these need to be specified?&nbsp;
Thanks in advance,&nbsp;
Brett&nbsp;

jad_tabbara__j1 · Answer

Hello Brett, &nbsp;
When managing SSL traffic you have 3 options: &nbsp;
1) SSL Offloading =&gt; you need to assign a clientssl profile and no serverssl profile on the VS (Standard VS Type) &nbsp;
2) SSL Bridging =&gt; you need to assign both clientssl profile and serverssl profile on the VS (Standard VS Type)&nbsp;
3) SSL Passthrough =&gt; you don't need to use any SSL Profile on the VS. If it is an HTTP server you can use "Performance (HTTP)" VS type, or "Performance (Layer 4)". &nbsp;
Hope it helps&nbsp;
Please give me a feedback&nbsp;
Regards&nbsp;

Forum Discussion

SSL Passthrough to NDES Server

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

SSL passthrough

Microsoft Exchange Server

SSL Passthrough.

BIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication

SSL Heartbleed server side iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS