Forum Discussion
Mar 26, 2019
I see the configuration you describe very regularly in Production.
A single VIP with multiple client SSL profiles leveraging SNI, and an iRule/local traffic policy forwarding traffic to different pools based on the HTTP host header in the request.
I have not seen any noticeable issues with a deployment such as this. I think one thing to be potentially aware is source port exhaustion if you have SNAT automap enabled and a minimal number of self IPs (you can create additional self IPs / use a SNAT pool to overcome this issue). The other complexity that may arise is if you have sites that require different SSL termination methods (e.g. 1 site needs SSL offload while another needs SSL bridging)