Forum Discussion
virtual server config
- Jan 03, 2023
Well, this is up to you.
Per my experience, some customers prefer to offload the SSL decryption task to the F5 unit, so that they don't have to perform additional decriptyon on the backend server farm, saving resources. This is usually also allows more agile administration, because you'll only need to renew the certificates on one appliance (BIG-IP) instead of every server.
Other customers prefer to perform SSL encryption in the backend as well because they prioritize information security across the whole network.You might want to discuss this with your engineering team, and if your servers require the SSL handshake to be performed, you'll need a serverSSL profile.
Thank you guys for the swift response.
I have configured the firewall to translate only the public ip to VIP on F5.
On the virtual server config, it is listening on port 443, and the pool called-in this VS is pool with port 9999.
Also both client and server ssl profiles are applied.
on the firewall am getting TCP reset from server.
Ok, based on this information I'm expecting the reset to be on port 9999, and this is because port 9999 does not match your virtual server socket.
Virtual Server should match the port specified in client connection, so you need to change it to listen on port 9999.
- shaikhzaidJan 03, 2023Altocumulus
Thanks guys again.
I understand the VS port need to be updated with 9999 instead of 443.
But, i am wondering, since the client will be requesting the url with https ahead, then why we need to make the virtual server port to 9999 which is url port extension.?
Apologies, but am a bit new to F5.
- CA_ValliJan 03, 2023MVP
Hello, this isn't F5- specific.
The default port for HTTP is 80 and for HTTPS is 443, but port numbers range from 0 to 65535.
HTTP(S) protocol allows you to specify a port number at request time. If you do, like in your case, this port will be used instead of default port to connect to the server.
In this case, F5 is the server. So it must be configured to accept connections to this port, otherwise it won't make sense for the client to specify a port at connection time.
- shaikhzaidJan 03, 2023Altocumulus
Thanks i got it.
What about the ssl profiles ? should i include the ssl server profile in the VS as well ?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com