Forum Discussion
Where are the F5 SSL Orchestrator (SSLO) SplitSession Client/SplitSession Server profiles used?
I have seen this profiles but there is not a lot of info about their use cases.
From the article below I think that they are only important when two F5 sslo devices are used ingress and egress traffic:
From what I gather if a single SSLO is used the settings will be "Local Peer" enabled and "Lookup Type" set to "Flow" but when is "Session Flow" or "HTTP Header" used ? Is session flow for layer2/3 services and when there are 2 SSLO for ingress and egress traffic and "HTTP Header" for transparent/explicit proxy services again with two SSLO for ingress and egress traffic?
Splitsession profiles are used to convey flow information, signaling, for the traffic that leaves the BIG-IP to pass through the security services. For inline L2/L3 services, flow is used (5-tuple src:dst addr:port proto). Flow signaling can't work across an HTTP (proxy) devices because a proxy will always minimally change the source port, and usually some of the other values. So for HTTP services it uses an HTTP header to track the flow across the service. To my knowledge, session flow isn't used.
- Kevin_StewartEmployee
Splitsession profiles are used to convey flow information, signaling, for the traffic that leaves the BIG-IP to pass through the security services. For inline L2/L3 services, flow is used (5-tuple src:dst addr:port proto). Flow signaling can't work across an HTTP (proxy) devices because a proxy will always minimally change the source port, and usually some of the other values. So for HTTP services it uses an HTTP header to track the flow across the service. To my knowledge, session flow isn't used.
Kevin_Stewart I thought that you may give me the reply as you are an SSLO expert. Thanks 😀
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com