How to filter VIP with SSL method

Question

Hi,Just want to understand is there any way we can filter vip with ssl method associated like offload, full-proxy and passthrough using tmsh. The requirement is to fetch all virtual servers and pool members which are encrypted and unencrypted.&nbsp;Thanks!

jrahm · Answer

There's no details in the profile objects themselves that indicate that it is an ssl profile unless your nomenclature is set up that way and you're confident it's accurate. But you can do this with a tmsh script. You'll need to first build two lists, one each for client-ssl and server-ssl profiles, and then loop through each virtual's profiles to determine one or more matches. Logic would be something like this:

if match client AND server profile, then traffic client-&gt;BIG-IP-&gt;server is encrypted on the wire but offloaded
if match only client profile, then traffic to BIG-IP is encrypted, but to server is decrypted
if match only server profile, then traffic to BIG-IP is decrypted, but to server is encrypted
if match no profiles but the defined port (or port list if not standard 443/https),then traffic client-&gt;BIG-IP-&gt;server is encrypted on the wire and passthru

I think this gets you most of the way to where you want to go. You will likely want to communicate the state differently than I did, but the code is here now in the codeshare for you to adjust as you see fit.

Forum Discussion

How to filter VIP with SSL method

1 Reply

Recent Discussions

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Related Content

Load balancing method specific decision

URI Keyword And HTTP Method Filtering

HTTP method conversion

BGP - filtering kernel redistribution

TLS Fingerprinting - a method for identifying a TLS client without decrypting