ssl pools

Question

Hi, i dont even know if this is a supported config. We have a VIP listening on TCP443 thats doing ssl offload (certificate on LTM too) and we want the traffic sent to a pool with its members listening on TCP443 too. Have tested and it doesnt work. Does it need and specific ssl profiles or health monitors?

nathe · Answer

If the backend pool members are expecting SSL then you need add a Server SSL Profile to the VIP config. The default serverssl profile should do it (in most cases).&nbsp;
Hope this helps,&nbsp;
N&nbsp;

jad_tabbara__j1 · Answer

Hello Cymru, &nbsp;
Please verify that you have applied a client SSL profile and a server SSL profile on the VS. &nbsp;
Just to clarify, when you say "SSL Offloading" this means that you only encrypt trafic between the "client and the VIP". In this case you will only put an "client SSL profile" on your VS&nbsp;
But if your backends/servers listen on 443 I think that they probably wait for an SSL handshake from the F5. So you will need to add also "server SSL profile" on your VS.¨&nbsp;
Regards&nbsp;

Forum Discussion

ssl pools

2 Replies

Recent Discussions

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

Related Content

SSL Profiles

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

SSL protocol mismatch

SSL Profiles Part 6: SSL Renegotiation