Forum Discussion
shaikhzaid
Altocumulus
Altocumulusvirtual server config
hey guys, i have a requirement wherein the url https://xyz.com:9999 will be accessed over the internet. Now once the NATing is done by the firewall, the traffic will be passed to virtual server (1....
Well, this is up to you.
Per my experience, some customers prefer to offload the SSL decryption task to the F5 unit, so that they don't have to perform additional decriptyon on the backend server farm, saving resources. This is usually also allows more agile administration, because you'll only need to renew the certificates on one appliance (BIG-IP) instead of every server.
Other customers prefer to perform SSL encryption in the backend as well because they prioritize information security across the whole network.You might want to discuss this with your engineering team, and if your servers require the SSL handshake to be performed, you'll need a serverSSL profile.
Hello,
First, the virtual server port is usually same port which the client is requesting. For example, if your request is "https://xyz.com:9999" so you can configure the virtual server with the natted IP that the firewall forwards the traffic to and the port is "9999".
Regarding the pool member ports, it depends on what port the server is listening on and expecting to receiving traffic on. as F5 by default is having port translation enabled in the virtual server configuration, so you can either configure the pool member port with 443 or 9999 depending on the server itself.
Feel free to raise any questions.
BR,
Mohamed Salah.