Forum Discussion
Nikoolayy1
MVP
MVPWhere are the F5 SSL Orchestrator (SSLO) SplitSession Client/SplitSession Server profiles used?
I have seen this profiles but there is not a lot of info about their use cases.
From the article below I think that they are only important when two F5 sslo devices are used ingress and egress ...
Splitsession profiles are used to convey flow information, signaling, for the traffic that leaves the BIG-IP to pass through the security services. For inline L2/L3 services, flow is used (5-tuple src:dst addr:port proto). Flow signaling can't work across an HTTP (proxy) devices because a proxy will always minimally change the source port, and usually some of the other values. So for HTTP services it uses an HTTP header to track the flow across the service. To my knowledge, session flow isn't used.
Kevin_Stewart
Employee
EmployeeSplitsession profiles are used to convey flow information, signaling, for the traffic that leaves the BIG-IP to pass through the security services. For inline L2/L3 services, flow is used (5-tuple src:dst addr:port proto). Flow signaling can't work across an HTTP (proxy) devices because a proxy will always minimally change the source port, and usually some of the other values. So for HTTP services it uses an HTTP header to track the flow across the service. To my knowledge, session flow isn't used.
Nikoolayy1MVP
MVPKevin_Stewart I thought that you may give me the reply as you are an SSLO expert. Thanks 😀