which Persistence to use when F5 works in SSL Bridging mode and traffic is natted at core.

Question

My deployment is like this&nbsp;
Client--&gt;https--&gt;F5--&gt;https--&gt;server (F5 is in bridge mode not pass through)&nbsp;
I can not use source ip persistence as frenchise users will be natted at core. Can i use cookie persistence and which cookie persistence? will it work in my senario? as i tried it and it was not working for some reason.&nbsp;

brad_parker_139 · Answer

Are you terminating SSL with a client-ssl profile then re-encrypting with a server-ssl profile? If you do that you should be able to use an HTTP profile and cookie persistence. The default "insert cookie" method is the easiest cookie method to use and should work just fine for you. Remember you can't use cookie persistence without an HTTP profile. I would also highly recommend using a OneConnect profile with cookie persistence or else you run the risk on not load balancing all requests to the same server.

brad_parker · Answer

Are you terminating SSL with a client-ssl profile then re-encrypting with a server-ssl profile? If you do that you should be able to use an HTTP profile and cookie persistence. The default "insert cookie" method is the easiest cookie method to use and should work just fine for you. Remember you can't use cookie persistence without an HTTP profile. I would also highly recommend using a OneConnect profile with cookie persistence or else you run the risk on not load balancing all requests to the same server.

muhammad_irfan1 · Answer

yes i am terminating and re-encrypting SSL. Some how cookie persistence was not working today, will test tomorrow again.

muhammad_irfan1 · Answer

yes i am terminating and re-encrypting SSL. Some how cookie persistence was not working today, will test tomorrow again.

nathe · Answer

I agree with all brad says. Further, if cookie persistence seems not to work then a tool like fiddler/http watch/http fox should help troubleshoot. You should see a BIGIPxxxxx cookie in the http requests. Xxxxx will be specific to a pool member

Forum Discussion

which Persistence to use when F5 works in SSL Bridging mode and traffic is natted at core.

8 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Raise your hand if you'll be at AppWorld 2026

RDP Webtop deployment

Maintenance page / local website that includes subfolders

Single LTM with multiple GTM domains

Related Content

F5 XC – Persistence and Resiliency pt. I (persistence)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

SSL Bridging verification

F5 LTM SSL Bridging - send decrypted traffic to clone pool

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS