John_Beckmann's avatar
John_Beckmann
Icon for Employee rankEmployee
Jul 01, 2019

This has actually been implemented in 13.1.0

 

K11323537: Configuring In-TMM monitoring

https://support.f5.com/csp/article/K11323537

 

This allows you to add a ServerSSL Profile to a Monitor, and in the ServerSSL Profile, you can specify a SNI.

 

# list ltm monitor https https_in_tmm

ltm monitor https https_in_tmm {

   adaptive disabled

   defaults-from https

   destination *:*

   interval 5

   ip-dscp 0

   recv none

   recv-disable none

   send "GET /\r\n"

   ssl-profile /Common/in-tmm-monitor

   time-until-up 0

   timeout 16

}

ltm profile server-ssl in-tmm-monitor {

   app-service none

   defaults-from serverssl

   server-name email.apmjb2.local

}

 

Now the monitor sends an SNI of email.apmjb2.local

 

# tshark -r /shared/tmp/tmm_sni.pcap -T fields -e ssl.handshake.extensions_server_name -R "ssl.handshake.extensions_server_name" -2

email.apmjb2.local