Forum Discussion

MustphaBassim's avatar
MustphaBassim
Icon for Cirrus rankCirrus
Nov 14, 2022

User access to servers

Hello Dears i have mluti servers working with different ports like 8080 , 8090 ... etc and all of them are load balnacing using F5 i am asking if it's double to make user reach the servers using sta...
application delivery
load balancing
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Nov 15, 2022

    Very well , 

    Change " service port 0 " to your needed port "7134" 
    This mandatory in your Case. 
    > Virtual server "100.68.0.8" listens on 443 , it performs destination NAT to both Pool_members "100.66.0.8" and "100.66.0.7". 
    But What about the port translation , 
    443 port can not be translated to port "0" , Port "0" means any. 
    so in this case , F5 does not perform a Port address translation it transfer the traffic on Port 443 as it is without translation to port 7134. 

    > so the needed action is to change "0" to 7134 on both of pool members. 
    Thats why you access it when configuring the virtual server to listen on port 7134 not 443 as you did recently. 

    try it and tell me. 
    it will work isa. 

Paulius's avatar
Paulius
Icon for MVP rankMVP

MustphaBassim That is definitely doable and you would just want to make sure that you are binding the appropriate SSL cert on the F5 so you can make the appropriate load balancing decision on the server side of the connection.

MustphaBassim's avatar
MustphaBassim
Icon for Cirrus rankCirrus
Nov 14, 2022

Hello Dears and thnx for reply but the problem is i am using wide card certificate with for all domains

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Nov 14, 2022

    Hello MustphaBassim ,

    • As Paulius said it is doable , to use 443 in your Virtual server with a client ssl certificate , F5 forwards the traffic to 8080 or 8090 by default without issues. 
    • The question is , do you use " *.xyz.com" as a wildcard certificate or what ? 
    • Also make sure that you have changed the FQDNs "hostnames" or the DNS records to the f5 virtual server ips or if you have a perimeter firewall before f5 , review the destination NAT rules to make sure that the firewall perform the destination nat to the correct virtual servers on f5.

    Don't worry about that , it will work with you as your request is the most deployed on f5. 

    If not working with you , clarify more your request. 

    Regards 

    • MustphaBassim's avatar
      MustphaBassim
      Icon for Cirrus rankCirrus
      Nov 14, 2022

      hello dear, the certifcate is wild card one and also for NAT the servers are local access and there is no NAT in the middle the message go to F5 from users direct

      • Mohamed_Ahmed_Kansoh's avatar
        Mohamed_Ahmed_Kansoh
        Icon for MVP rankMVP
        Nov 14, 2022

        MustphaBassim ,

        Well , could you please figure out your scenario.  

        Also , do you want web1 and web2 in the same pool or separate pool , I mean do you make f5 loadbalance between them by using single virtual server or 2 virtual servers , one for 8080 service and the other for 8090. 

        Please send more clarification