Forum Discussion

Poseidon1974's avatar
Poseidon1974
Icon for Cirrostratus rankCirrostratus
Feb 08, 2023

SSL profile client

Hi, I have a configuration with VS in https, the backend server carries a certificate, I have configured standard F5 SSL profiles (client/sever), however when the client accesses VS, he has an unsec...
security
Poseidon1974's avatar
Poseidon1974
Icon for Cirrostratus rankCirrostratus
Feb 08, 2023

H,

Really thanks , so question , therefore, it is impossible to bypass the error message displayed on the browser without adding a certificate on the F5, is it mandatory? there is no other solution without adding the certificate on the F5, because we already have one on the backend server ? 

Thanks

  • Ichnafi's avatar
    Ichnafi
    Icon for Cirrostratus rankCirrostratus
    Feb 08, 2023

    If you don't need to terminate a SSL session on the F5 (for example to look into the http headers, manipulate content, oder do some irule shenanigans like url base loadbalaning, you don't neet to do ssl on the f5 at all.

    Just use a Performance Layer (Layer 4) type for your VS and the F5 will only do Layer 4 Loadbalancing. You are then a bit of limited in things like load-balancing and persistence. Also TCP optimizations towards client and server are not possible.
    Keep in mind, that the VS type will handly traffic differently and you might loose some features.

    Overview of all types: https://my.f5.com/manage/s/article/K55185917
    Overview of how TCP is handled by the different VS: https://support.f5.com/csp/article/K8082

     

    • Poseidon1974's avatar
      Poseidon1974
      Icon for Cirrostratus rankCirrostratus
      Feb 08, 2023

      Thank you  !