F5 Sites
  • F5.com
  • LearnF5
  • NGINX
  • MyF5
  • Partner Central
Contact
  • Under Attack?
  • F5 Support
  • DevCentral Support
  • F5 Sales
  • NGINX Sales
  • F5 Professional Services
Brand LogoSkip to content
Forums
CrowdSRC
Articles
Groups
EventsSuggestionsHow Do I...?
RegisterSign In
  1. DevCentral
  2. Articles
  3. Technical Articles

HTTPS SNI Monitoring How-to

Hi, You may or may not already have encountered a webserver that requires the SNI (Server Name Indication) extension in order to know which website it needs to serve you. It comes down to "if you ...
Published Mar 23, 2014
Version 1.0
availability
deployment
https
management
monitor
monitoring
openssl
security
sni
ssl
Thomas_Schocka1's avatar
Thomas_Schocka1
Icon for Altocumulus rankAltocumulus
Joined May 04, 2012
View Profile
Thomas_Schocka1's avatar
Thomas_Schocka1
Icon for Altocumulus rankAltocumulus
Joined May 04, 2012
View Profile
John_Beckmann's avatar
John_Beckmann
Icon for Employee rankEmployee
Jul 01, 2019

This has actually been implemented in 13.1.0

 

K11323537: Configuring In-TMM monitoring

https://support.f5.com/csp/article/K11323537

 

This allows you to add a ServerSSL Profile to a Monitor, and in the ServerSSL Profile, you can specify a SNI.

 

# list ltm monitor https https_in_tmm

ltm monitor https https_in_tmm {

   adaptive disabled

   defaults-from https

   destination *:*

   interval 5

   ip-dscp 0

   recv none

   recv-disable none

   send "GET /\r\n"

   ssl-profile /Common/in-tmm-monitor

   time-until-up 0

   timeout 16

}

ltm profile server-ssl in-tmm-monitor {

   app-service none

   defaults-from serverssl

   server-name email.apmjb2.local

}

 

Now the monitor sends an SNI of email.apmjb2.local

 

# tshark -r /shared/tmp/tmm_sni.pcap -T fields -e ssl.handshake.extensions_server_name -R "ssl.handshake.extensions_server_name" -2

email.apmjb2.local

 

 

ABOUT DEVCENTRAL

DevCentral NewsTechnical ForumTechnical ArticlesTechnical CrowdSRCCommunity GuidelinesDevCentral EULAGet a Developer Lab LicenseBecome a DevCentral MVP

RESOURCES

Product DocumentationWhite PapersGlossaryCustomer StoriesWebinarsFree Online CoursesF5 CertificationLearnF5 Training

SUPPORT

Manage SubscriptionsProfessional ServicesProfessional ServicesCreate a Service RequestSoftware DownloadsSupport Portal

PARTNERS

Find a Reseller PartnerTechnology AlliancesBecome an F5 PartnerLogin to Partner Central

F5 logo©2024 F5, Inc. All rights reserved.
TrademarksPoliciesPrivacyCalifornia PrivacyDo Not Sell My Personal Information