We are using the LTM to load balance remote RDP sessions into 2x RDP Gateway servers. The virtual server uses port 443 with SSL Bridging enabled so Client to LTM is SSL session 1 and LTM to server is SSL session 2. All is working fine. Packet captures confirmed that 2x SSL sessions are being created.
2 days ago we did RDP Gateway failover testing. The idea being that when one of the RDP Gateways went down the F5 health monitors would detect that the server went down and would then tear down the SSL session between itself and the RDP Gateway server and create a new session to the remaining RDP Gateway in the pool.
This did not happen. The F5 did not do anything with the current SSL session between itself and the failed RDP Gateway server. The end user was left with a frozen RDP session and then the F5 session timed out. The user had to reconnect again and the F5 forwarded the new connection to the other RDP Gateway server in the pool.
Question: Is the F5 capable of failing SSL sessions over to another pool member if a pool member dies? We thought this would be possible with SSL Bridging due to the fact that the F5 creates a 2nd session from itself to the server? Is there an iRule that can make this happen? The 'Acction on Service Down' feature does not work with TCP/SSL connections.
@socvirgin23 The way this behaves depends on the health monitor timeout and action on service down. I will say that the session will not failover unless on the RD Gateway side you have a way of tracking this RDP over HTTPS session.