SSL transparnecy

Question

Hi All,&nbsp;
&nbsp;I was wondering if it is possible to configure Big IP in the following way?&nbsp;
&nbsp;2 or more web servers with SSL. 2 Big IP in failover, with 1 VIP for web servers. The client connects to the VIP with HTTPS which is balanced to one of the web servers. I don't want the F5 to offload the SSL, i want this to passthrough to web servers. Essentially having the Big IP only load balance.&nbsp;
&nbsp;I know it's better have the Big IP to offload the SSL, but this is what i've been asked to do...

joe_pruitt · Answer

You can absolutely have BIG-IP just do the load balancing without ssl offload.  The only issue is that you will lose any sort of content inspection (ie, the BIG-IP will not be able to see any HTTP headers/cookies/payload/etc).  So if you want to do custom persistence, routing, or redirection based the URI/hostname/cookies/form parameters/etc) you'll be out of luck.  You have to be able to decrypt the traffic to be able to look inside of it.&nbsp;
&nbsp;-Joe

ian_amos_37833 · Answer

Sorry to resurrect an old post, but how do you configure this? &nbsp;
&nbsp;I've looked at simply not assigning Client or Server SSL profiles, but that doesn't seem to have helped.. &nbsp;
&nbsp;NVM, realised my mistake.. I'd left the HTTP profile in place, and this was obviously changing something as I got 'TLS error'...

Forum Discussion

SSL transparnecy

Recent Discussions

ppp TunnelStats: LCP_UNKNOWN_OPTIONS 1,LCP_PROTO_REJ 1,FSM_UNEXPECTED_DOWN 1,

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

F5 looses the token for the first call

feature request: container egress service

Related Content

Updating SSL Certificates on BIG-IP using REST API

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Check a Virtual Server's SSL Status

SSL protocol mismatch

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS