27-Mar-2023 02:38
Good day,
We require a configuration that sends as an example ports 7001 - 7999 to a pool of backends servers.
The idea is to create a wildcard VIP (client ssl) and pool. Allow only those ports to connect to the VIP and load balance to the backend servers with the port it connected on.
How would we be able to go about creating a policy to achive this configuration?
Thanks for helping
Solved! Go to Solution.
27-Mar-2023 10:40
Hi @Chause1,
as an alternative you could use a Port List. Simply create on in Shared Objects ›› Port Lists.
And assign it to the virtual server.
KR
Daniel
28-Mar-2023 01:55
27-Mar-2023 07:49
27-Mar-2023 09:33
28-Mar-2023 01:31
Hi @Chause1 ,
You have to modify policy 1 and change Apply to traffic: local for both rules:
Hope it´s work.
28-Mar-2023 01:55
Thanks,
Would a client SSL profile have any influance on the traffic?
We receive traffic encypted and need to decrypt to backends. I think this is causing my headace at the moment
28-Mar-2023 02:41
Hi @Chause1 ,
Yes, you have to load the certificates to decrypt the traffic, because if you apply an HTTP profile without SSL certificates it gonna fail.
28-Mar-2023 02:55
Hi,
I have setup the policy as follows
When I run a curl I receive:
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Closing connection 0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
I am still able to telnet t the VIP on any of those ports
28-Mar-2023 02:56
I am connecting on port 7791.
Am I wrong to be expecting a RST only or that Telnet should not work to any of those ports?
30-Mar-2023 00:19
Seems that the rule worked as expexted.
We decided to go the data group route.
Thanks for your time and input
27-Mar-2023 10:40
Hi @Chause1,
as an alternative you could use a Port List. Simply create on in Shared Objects ›› Port Lists.
And assign it to the virtual server.
KR
Daniel
28-Mar-2023 01:55
Thanks Daniel,
Will give it a go
30-Mar-2023 00:17
Worked like a charm!!!
Thanks!!