Forum Discussion

MustphaBassim's avatar
MustphaBassim
Icon for Cirrus rankCirrus
Nov 14, 2022
Solved

User access to servers

Hello Dears

i have mluti servers working with different ports like 8080 , 8090 ... etc and all of them are load balnacing using F5 i am asking if it's double to make user reach the servers using starndered 443 port and the F5 make the connnection to correct for exmpale

web1.abc.com would be to 8080

web2.abc.com would be to 8090

Best Regards

application delivery
load balancing
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Nov 15, 2022

    Very well , 

    Change " service port 0 " to your needed port "7134" 
    This mandatory in your Case. 
    > Virtual server "100.68.0.8" listens on 443 , it performs destination NAT to both Pool_members "100.66.0.8" and "100.66.0.7". 
    But What about the port translation , 
    443 port can not be translated to port "0" , Port "0" means any. 
    so in this case , F5 does not perform a Port address translation it transfer the traffic on Port 443 as it is without translation to port 7134. 

    > so the needed action is to change "0" to 7134 on both of pool members. 
    Thats why you access it when configuring the virtual server to listen on port 7134 not 443 as you did recently. 

    try it and tell me. 
    it will work isa. 

27 Replies

Sort By
  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Nov 14, 2022

    MustphaBassim That is definitely doable and you would just want to make sure that you are binding the appropriate SSL cert on the F5 so you can make the appropriate load balancing decision on the server side of the connection.

    • MustphaBassim's avatar
      MustphaBassim
      Icon for Cirrus rankCirrus
      Nov 14, 2022

      Hello Dears and thnx for reply but the problem is i am using wide card certificate with for all domains

      • Mohamed_Ahmed_Kansoh's avatar
        Mohamed_Ahmed_Kansoh
        Icon for MVP rankMVP
        Nov 14, 2022

        Hello MustphaBassim ,

        • As Paulius said it is doable , to use 443 in your Virtual server with a client ssl certificate , F5 forwards the traffic to 8080 or 8090 by default without issues. 
        • The question is , do you use " *.xyz.com" as a wildcard certificate or what ? 
        • Also make sure that you have changed the FQDNs "hostnames" or the DNS records to the f5 virtual server ips or if you have a perimeter firewall before f5 , review the destination NAT rules to make sure that the firewall perform the destination nat to the correct virtual servers on f5.

        Don't worry about that , it will work with you as your request is the most deployed on f5. 

        If not working with you , clarify more your request. 

        Regards