Forum Discussion
SanjayP
Dec 16, 2021Nacreous
F5 is a full proxy. If F5 is terminating SSL on the clientside, acting as TLS server and requesting for mTLS cert from the client, only way to send the cert to the backend node is parse the cert and send it in HTTP header.
If the backend node, needs to have clientcert directly from the client (without F5 sending it in a header), VIP needs to be configured as TLS pass-through (either performance layer 4 or standard VIP without http and ssl profiles)
OR you can try proxy-ssl feature
https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-system-ssl-administration/implementing-proxy-ssl-on-a-single-big-ip-system.html