Forum Discussion

MustphaBassim's avatar
Nov 14, 2022

User access to servers

Hello Dears

i have mluti servers working with different ports like 8080 , 8090 ... etc and all of them are load balnacing using F5 i am asking if it's double to make user reach the servers using starndered 443 port and the F5 make the connnection to correct for exmpale

web1.abc.com would be to 8080

web2.abc.com would be to 8090

Best Regards

  • Very well , 

    Change " service port 0 " to your needed port "7134" 
    This mandatory in your Case. 
    > Virtual server "100.68.0.8" listens on 443 , it performs destination NAT to both Pool_members "100.66.0.8" and "100.66.0.7". 
    But What about the port translation , 
    443 port can not be translated to port "0" , Port "0" means any. 
    so in this case , F5 does not perform a Port address translation it transfer the traffic on Port 443 as it is without translation to port 7134. 

    > so the needed action is to change "0" to 7134 on both of pool members. 
    Thats why you access it when configuring the virtual server to listen on port 7134 not 443 as you did recently. 

    try it and tell me. 
    it will work isa. 

  • MustphaBassim That is definitely doable and you would just want to make sure that you are binding the appropriate SSL cert on the F5 so you can make the appropriate load balancing decision on the server side of the connection.

    • MustphaBassim's avatar
      MustphaBassim
      Icon for Cirrus rankCirrus

      Hello Dears and thnx for reply but the problem is i am using wide card certificate with for all domains

      • Hello MustphaBassim ,

        • As Paulius said it is doable , to use 443 in your Virtual server with a client ssl certificate , F5 forwards the traffic to 8080 or 8090 by default without issues. 
        • The question is , do you use " *.xyz.com" as a wildcard certificate or what ? 
        • Also make sure that you have changed the FQDNs "hostnames" or the DNS records to the f5 virtual server ips or if you have a perimeter firewall before f5 , review the destination NAT rules to make sure that the firewall perform the destination nat to the correct virtual servers on f5.

        Don't worry about that , it will work with you as your request is the most deployed on f5. 

        If not working with you , clarify more your request. 

        Regards