SSL transparnecy

Question

Hi All,&nbsp;
&nbsp;I was wondering if it is possible to configure Big IP in the following way?&nbsp;
&nbsp;2 or more web servers with SSL. 2 Big IP in failover, with 1 VIP for web servers. The client connects to the VIP with HTTPS which is balanced to one of the web servers. I don't want the F5 to offload the SSL, i want this to passthrough to web servers. Essentially having the Big IP only load balance.&nbsp;
&nbsp;I know it's better have the Big IP to offload the SSL, but this is what i've been asked to do...

joe_pruitt · Answer

You can absolutely have BIG-IP just do the load balancing without ssl offload.  The only issue is that you will lose any sort of content inspection (ie, the BIG-IP will not be able to see any HTTP headers/cookies/payload/etc).  So if you want to do custom persistence, routing, or redirection based the URI/hostname/cookies/form parameters/etc) you'll be out of luck.  You have to be able to decrypt the traffic to be able to look inside of it.&nbsp;
&nbsp;-Joe

ian_amos_37833 · Answer

Sorry to resurrect an old post, but how do you configure this? &nbsp;
&nbsp;I've looked at simply not assigning Client or Server SSL profiles, but that doesn't seem to have helped.. &nbsp;
&nbsp;NVM, realised my mistake.. I'd left the HTTP profile in place, and this was obviously changing something as I got 'TLS error'...

Forum Discussion

SSL transparnecy

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

SSL Orchestrator Service Extensions: DoH Guardian

SSL Profiles Part 6: SSL Renegotiation

wccp configuration for SSL Orchestrator

Introduction to BIG-IP SSL Orchestrator

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS