Forum Discussion
Two load balancers in a row. How to manage certs
I have a top level F5 receiving traffic and sending to pools with two nodes in each pool. One node is the VIP on a next level F5 (a side) and the other node is a VIP on a different F5 (b side).
How do I set up the certs on something like this?
* Pass through on the top level F5 and offload certs on the lower level?
* Offload cert and use the clientssl cert to speak to the next F5?
* Offload and re-encrypt with the same cert on both sides of the first F5?
- youssef1
Cumulonimbus
Hi,
It depends on what you want to implement. If you don't use ASM or APM, you can set up this configuration:
FRONT REVERSE PROXY: L4 with source address persistence
BACK REVERSE PROXY (Side A): SSL interception (cookie persistence if you have multiple nodes)
BACK REVERSE PROXY (Side B): SSL interception (cookie persistence if you have multiple nodes)
Important point: if you have a hardware device as the FRONT REVERSE PROXY and VE as the BACK REVERSE PROXY, it's better to set SSL interception on the hardware device for performance reasons.
For information, SSL interception means that you have to set client and server SSL profiles.
Regards
- Andy_McGrath
Cumulonimbus
What are your security requirements?
Do you need the traffic encrypted after the first level F5's?
Do you need to do any layer 7 processing, like selecting a pool or pool member based on part of the HTTP request, or inserting a cookie for persistence?