SNI Routing with BIG-IP
Updated Mar 25, 2023
Version 2.0
Adding the second virtual for completeness. In this case the SSL certificate is known by the BIG-IP (app1.example.com). The second pool "test_ssl" points directly to the backend web server and the BIG-IP does not have the certificate (app2.example.com).
The virtual listens on port 9443, but you could also use a different private address and/or restrict connections (i.e. set the source to be 192.0.2.10/32).
ltm virtual test_ssl_vs {
    destination 192.0.2.10:9443
    ip-protocol tcp
    mask 255.255.255.255
    pool test_pool
    profiles {
        app1.example.com_clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 10
}