
client and server side clone pool - https vip

MAbbas
Cirrus

Hi all,

I want to send all request and response traffic for an HTTPS VIP to a clone pool.

Do I need to have 2 VIPs: one VIP with only client SSL, sending client-side decrypted traffic to the clone pool,

and a second with server-side SSL that sends server-side traffic to the clone pool?

Any help or suggestion will be appreciated.

Thanks

4 REPLIES

Hi, please help me to understand your requirement properly.

Do you mean that, for some of the traffic on the VIP listening on 443, you want plain traffic on the server-side connection, and for the rest of the traffic on the same destination IP/VIP, the server-side connection should be encrypted? Kindly confirm whether my understanding is correct.

NOTE - If your destination VIP IP and port are the same, you can create only a single VIP. You won't be able to create another VIP with the same IP and port. So if your use case is the one I described in the first question, you can achieve it using a single VIP. The requirement can be fulfilled with traffic-matching conditions using an LTM policy or iRule.

This is the question:

If I have client-side SSL and server-side SSL on a VIP, I get encrypted traffic and send encrypted traffic to the pool.

If I want to use a clone pool for auditing,

will the traffic sent to the client clone pool and server clone pool be encrypted or non-encrypted?

If there is a server SSL profile (server-side SSL) configured on a VIP, it will always have a secure, encrypted connection between the F5 and the backend server for all the pools behind it. If you want to bypass server SSL (server-side SSL) for any specific pool, you can do it using an LTM policy or iRule.

My question is regarding the clone pool.