Virtual Directory

There are a couple of things going on here. First of all, I'm assuming that you are having the BIG-IP to the SSL termination and then sending the decrypted traffic to your backend server. If you want to just do a straight pass through you can turn off SSL termination and pass the traffic as is. The problem with this approach is that you will not be able to look at the content to do things like content inspection with iRules. But, BIG-IP is very fast at SSL decryption (much faster than your backend servers). In most cases customers terminate SSL on the BIG-IP "instead" of the backend servers to help make better use of their server resources as well as reducing the management of SSL certificates on each web server.

 

 

If you do want to decrypt the traffic on your BIG-IP AND you want to have it encrypted on your backend server, then you can create a server SSL profile and you can have the BIG-IP re-encrypt the traffic before it's sent to your servers.

 

 

I guess my big question is: why do you need SSL on your backend servers. If you already have a pool of servers listening on port 80, then why don't you have that as the default pool on your virtual.

 

 

It would be in your best interest to configure the backend servers to port 80 in clear text and let BIG-IP to the termination of the SSL connections...

 

 

Hope this helps...

 

 

-Joe