Forum Discussion

Poseidon1974

Cirrostratus

Jan 02, 2023

Persistence session

Hi all , I am new in the F5 administration, I share my configuration here, I hope someone can help me, I have configured a VS as standard, with a persistence session (JSESSION), via an iRule, howeve...

security

Poseidon1974

Cirrostratus

Jan 08, 2023

Hi ,

Thank you for this detailed answer, however my need is to know, how to make session persistence work, obviously as long as the certificate is on the server and not on the F5, it will not work. because the traffic will not be decrypted by the F5. you tell me, i can export the certificate currently configured on the server to the F5? how ?

Thanks,

mihaic

MVP

Jan 08, 2023

First, you need to make the VIP decrypt the traffic. So you need an SSL certificate to terminate the HTTPS sessions on the VIP side.

After that, you will need an irule. Here is an example:

The following iRule example illustrates how the BIG-IP system can find a cookie called jsessionid in the first response from the server and add a persistence record with the value of that cookie. Subsequent client requests containing the same cookie name and value pair persists to the same pool member.

when HTTP_RESPONSE {
  if { [HTTP::cookie exists "JSESSIONID"] } {
    persist add uie [HTTP::cookie "JSESSIONID"]
  }
}
when HTTP_REQUEST {
  if { [HTTP::cookie exists "JSESSIONID"] } {
    persist uie [HTTP::cookie "JSESSIONID"]
  }
}

https://support.f5.com/csp/article/K7392

If you need the traffic to the server from the F5 to be also encrypted you will need an SSL server profile.

https://support.f5.com/csp/article/K14806

here is how to export a SSL cert:

https://manage.accuwebhosting.com/knowledgebase/1240/How-to-export-an-SSL-certificate-from-Apache-server.html

here is how to import it:

https://my.f5.com/manage/s/article/K14620