For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

eben's avatar
eben
Icon for Nimbostratus rankNimbostratus
Jan 11, 2017

VS not working as it should.

Hi Experts,

 

I am trying to deliver a couple of applications to my clients. below are the details and what I have observed.

 

I have 2 nodes. 1. Ports 443 on those nodes service a particular app 2. Ports 5555 on those nodes service another app 3. Ports 8080,8090 on both nodes service an entirely different app.

 

For the 443 ports, ssl-bridging was used to deliver the app. It works fine For the 5555 ports, the vs was created and it works fine. For the 8080,8090, the client requested ssl offloading, so i used a custom https port redirecting all 8080 to port 4443 and 8090 to ports 8443. when the client try accessing the app, it redirects with :4443 and :8443 in the headers. when i try to login to the app, the page just blinks, I go to check the app server logs, and there is nothing. Lastly i took off ssl and tried just HTTP. this works fine.

 

What could be wrong?

 

application delivery
LTM

3 Replies

  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Jan 11, 2017

    The ports you use don't matter, as long you apply the correct ssl profiles. If you are just doing SSL offloading, you just need clientssl profile. If you need to see the HTTP data, you need a clientssl profile and serverssl profile.

     

    If you are using SSL, but you don't have ssl profiles in the virtual server, the SSL handshake will be between the client and server. In this case if you add a HTTP profile, it won't work as it will not be able to see the HTTP data.

     

    Lastly, you can use one port in the virtual server, and a another one in the pool member. Just make sure port translation is enabled in the virtual server.

     

    This article have a good explanation about how SSL works in F5 world:

     

    https://devcentral.f5.com/articles/ssl-profiles-part-1

     

  • Guillaume_H_'s avatar
    Guillaume_H_
    Icon for Nimbostratus rankNimbostratus
    Jan 11, 2017

    It's assl profile problem. you can check: - client certificate - server certifciate - ssl offloading.

     

  • eben's avatar
    eben
    Icon for Nimbostratus rankNimbostratus
    Jan 11, 2017

    Really appreciate your inputs. This issue was resolved about 3hours ago. The applications for a very weird reason did not support F5 enhancement to App. Delivery. I took off compression and caching. then it worked as expected.

     

    Thanks.