Forum Discussion

Nfordhk_66801's avatar
Nfordhk_66801
Icon for Nimbostratus rankNimbostratus
Jan 23, 2015

Using ServerSSL Profiles

Hi,   I am interested in using ServerSSL profiles to secure connectivity from the client to the end host but I have some confusions about the process. Right now our setup looks like this:   Two...
application delivery
design
LTM
security
serverssl
ssl
Nfordhk_66801's avatar
Nfordhk_66801
Icon for Nimbostratus rankNimbostratus
Jan 23, 2015

In reality, are there any benefits to letting the F5 perform all these functions? Why not just put certs on the servers themselves and let the F5 acts as a pass through?

 

  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Jan 23, 2015
    If you want to leverage any Layer 7 functionality it will require that the F5 be able to decrypt the SSL traffic. i.e. iRules that use HTTP events.
  • Nfordhk_66801's avatar
    Nfordhk_66801
    Icon for Nimbostratus rankNimbostratus
    Jan 26, 2015
    What about using the ASM? We are purchasing it soon. Will that cause any issues if I just use the F5 as a passthrough?
  • shaggy's avatar
    shaggy
    Icon for Nimbostratus rankNimbostratus
    Jan 26, 2015
    yes - ASM is Layer 7 functionality. F5 must terminate SSL in order to decrypt client requests, which is required if you want ASM security policies to inspect those requests. So, at a minimum, a client-SSL profile must be assigned to those virtual servers. A ServerSSL profile will re-encrypt traffic back to the pool member.