Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Best practices using front-VS and back-VS solutions


Hi, tries to find some best practices how to use a front-end VS (LTM) and back-end VS (LTM+APM) on same BigIP. The front VS represent the host and the path different applications. In my configuration the front VS calling the back VS using irule command "virtual vs-name". The front-end VS also have pool select for applications that does not need to be handled by APM (back-end VS). The front-end VS has both client SSL-profile and server SSL-profile enabled. The back-end VS has only server SSL-profile. I use "SSL::disable" and "SSL::enable" depending on what kind of pools that will be selected. For all applications that need to go through an APM Policy the front-end VS send this to the back-end VS. I do not use OneConnect profile.


The front-end VS has public IP addresses but the back-end VS has private addresses that is not a part of a Self-IP.


The solution is working fine but I am looking for improvements or to hear other experiences.


Regards Erik



F5 Employee
F5 Employee

This is a reasonable solution, and I believe you can also do this in a CPM policy.