How to keep the client on the same pool member for HTTPS traffic if the SSL profile is not enabled in F5?
I have tried cookie persistence, but it failed because I have not enabled a client SSL profile. I have tried source address persistence, but it does not work if the client IP changes.
I think you can try terminating the SSL connection by adding an SSL profile, as the best way for HTTP persistence is the cookie option. And as you mentioned, you cannot use it without an SSL profile.
Or you can try changing the source address settings to increase the mask from /32 to /24, for example, to match on a larger range of IPs instead of one. So if a client IP changes but stays within the subnet, F5 can still find a match for the client.
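The effect of widening the source address persistence mask, as an added example that is not part of the original replies and is not F5 code: a simplified Python model in which the persistence key is the client IP masked to the prefix length. The pool members, client addresses and round-robin choice for new keys are constructed assumptions, and timeouts are not modelled.

```python
import ipaddress

# Constructed pool members (assumption, not from the thread)
POOL = ["10.0.0.11:443", "10.0.0.12:443", "10.0.0.13:443"]


class SourceAddrPersistence:
    """Toy model: persistence key = client IP masked to prefix_len."""

    def __init__(self, prefix_len, pool=POOL):
        self.prefix_len = prefix_len
        self.pool = list(pool)
        self.table = {}   # persistence key -> pool member
        self._next = 0    # round-robin pointer, used only for new keys

    def key(self, client_ip):
        # strict=False lets a host address be masked down to its network
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return str(net.network_address)

    def pick(self, client_ip):
        k = self.key(client_ip)
        if k not in self.table:
            self.table[k] = self.pool[self._next % len(self.pool)]
            self._next += 1
        return self.table[k]


def members_for(prefix_len, client_ips):
    """Return the pool member chosen for each connection, in order."""
    lb = SourceAddrPersistence(prefix_len)
    return [lb.pick(ip) for ip in client_ips]


# Constructed sample: one client whose address changes inside
# 198.51.100.0/24 and then moves to a different subnet.
SAME_CLIENT = ["198.51.100.20", "198.51.100.87", "203.0.113.5"]
# Constructed sample: three unrelated clients that share one /24.
NEIGHBOURS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]

if __name__ == "__main__":
    for plen in (32, 24):
        print(f"/{plen} same client:", members_for(plen, SAME_CLIENT))
        print(f"/{plen} neighbours :", members_for(plen, NEIGHBOURS))
```

With /24 the client keeps its member only while its new address stays inside the same subnet, and every other client in that /24 is pinned to the same member, which can skew load when many users sit behind one range.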
Hi @williamcs,
Like @Mohamed_Salah_ recommended in the source address affinity method.
I just want to add, if you don't want to do any SSL termination through F5 BIG-IP:
I recommend using the ssl-proxy feature, adding client and server SSL profiles. Using this, BIG-IP will let the backend servers do the SSL negotiations, and BIG-IP will be in between (client - servers) and see the HTTP payload decrypted, but without taking any action or participating in the SSL negotiations.
So using this, you can meet your current deployment of making BIG-IP not negotiate SSL, and BIG-IP will be able to insert cookie persistence.
ssl-proxy is very useful when you want to secure your application through AWAF policies without terminating SSL connections; you can also use it to work with iRules or to insert cookies.
In the following article, you will learn how to deploy the SSL-PROXY feature with steps: