10-Oct-2018 01:02
Hi, I am trying to find some best practices for using a front-end VS (LTM) and a back-end VS (LTM+APM) on the same BIG-IP. The front VS represents the host, and the path the different applications. In my configuration the front VS calls the back VS using the iRule command "virtual vs-name". The front-end VS also has pool selection for applications that do not need to be handled by APM (back-end VS). The front-end VS has both a client SSL profile and a server SSL profile enabled. The back-end VS has only a server SSL profile. I use "SSL::disable" and "SSL::enable" depending on what kind of pool will be selected. For all applications that need to go through an APM policy, the front-end VS sends this to the back-end VS. I do not use a OneConnect profile.
The front-end VS has public IP addresses, but the back-end VS has private addresses that are not part of a Self-IP.
The solution is working fine but I am looking for improvements or to hear other experiences.
Regards Erik
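An added example, not from the original post: a front-end VS iRule implementing the routing described in the question above. The virtual server name, pool names, host and paths are hypothetical, and rejecting unmatched requests is an assumption made here so that nothing reaches a pool without an explicit routing decision.

```tcl
# Front-end VS iRule (added example; all names are hypothetical).
# Assumes the front-end VS has client SSL + server SSL profiles and the
# back-end VS (vs_backend_apm) has the APM access profile and a server SSL
# profile only, as described in the post.
when HTTP_REQUEST {
    # Normalise case so routing does not depend on how the client typed the URL.
    set host [string tolower [HTTP::host]]
    set path [string tolower [HTTP::path]]

    switch -glob -- "$host$path" {
        "app.example.com/secure/*" {
            # Application protected by an APM policy: hand off to the back-end VS.
            # The back-end VS has no client SSL profile, so the internal hop
            # must be cleartext; it re-encrypts with its own server SSL profile.
            SSL::disable serverside
            virtual vs_backend_apm
        }
        "app.example.com/static/*" {
            # No APM needed; pool members speak plain HTTP.
            SSL::disable serverside
            pool pool_static_http
        }
        "app.example.com/api/*" {
            # No APM needed; pool members expect TLS from the BIG-IP.
            SSL::enable serverside
            pool pool_api_https
        }
        default {
            # Fail closed: an unknown host/path is answered here instead of
            # falling through to a default pool that bypasses the APM policy.
            HTTP::respond 404 content "Not found"
        }
    }
}
```

Every branch sets the server-side SSL state explicitly, so the decision for one request never depends on what an earlier request on the same client connection selected.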
10-Oct-2018 06:59
This is a reasonable solution, and I believe you can also do this in a CPM policy.