User access to servers

MustphaBassim
Cirrus

Hello Dears,

I have multiple servers working on different ports like 8080, 8090, etc., and all of them are load balanced using F5. I am asking if it's doable to let the users reach the servers using the standard 443 port and have the F5 make the connection to the correct port, for example:

web1.abc.com would go to 8080

web2.abc.com would go to 8090

Best Regards


Paulius
MVP

@MustphaBassim That is definitely doable and you would just want to make sure that you are binding the appropriate SSL cert on the F5 so you can make the appropriate load balancing decision on the server side of the connection.

Hello Dears, and thanks for the reply, but the problem is I am using a wildcard certificate for all domains.

Hello @MustphaBassim,

  • As @Paulius said, it is doable: use 443 on your virtual server with a client SSL certificate, and F5 forwards the traffic to 8080 or 8090 by default without issues.
  • The question is, do you use "*.xyz.com" as a wildcard certificate, or what?
  • Also make sure that you have changed the FQDNs "hostnames" or the DNS records to the F5 virtual server IPs, or, if you have a perimeter firewall before F5, review the destination NAT rules to make sure that the firewall performs the destination NAT to the correct virtual servers on F5.

Don't worry about that, it will work for you, as your request is the most deployed one on F5.

If it's not working for you, clarify your request more.

_______________________
Regards
Mohamed Kansoh

Hello dear, the certificate is a wildcard one, and also regarding NAT, the servers are local access and there is no NAT in the middle; the messages go directly from the users to F5.

@MustphaBassim ,

Well, could you please describe your scenario.

Also, do you want web1 and web2 in the same pool or in separate pools? I mean, does F5 load balance between them using a single virtual server or 2 virtual servers, one for the 8080 service and the other for 8090?

Please send more clarification.

_______________________
Regards
Mohamed Kansoh

Each server has its own virtual server, and each of web1 and web2 is in a separate pool.

Well,

Have you created a DNS A record that points to each virtual server IP on F5?

I mean:

Web1.abc.com = virtual server IP

> Also, have you created a client SSL profile containing the "SSL wildcard certificate and key" and attached it to your virtual server? I expect that the wildcard certificate is something like "*.abc.com".

> Also make sure you configure the virtual servers to listen on port 443.

> Make sure that you configure SNAT "Auto Map" or a "SNAT pool".

If the gateway of your servers isn't F5, then configure source NAT.

Make sure of all of the above and send your feedback.

_______________________
Regards
Mohamed Kansoh

Hello dear,

Yeah, I did the above steps but it's still not working. When I put the server on 443 it doesn't respond, and when I go back to the original port it works fine.

Hi @MustphaBassim,
  Make sure that the configuration on your virtual server looks like these snapshots:
[screenshots: 1.PNG, 2.PNG, 3.PNG]

> In the last snapshot: Address Translation and Port Translation should both be enabled.
You find them when selecting Advanced, not Basic, under the Configuration section.

See it and send your feedback,
or send a snapshot of your configuration if that is available to you.
 

_______________________
Regards
Mohamed Kansoh

Hello dear,

Please find the screenshots: [screenshots: 1.png, 2.png, 3.png]

@MustphaBassim,
 Do you use a certificate on the backend servers "8080 and 8090"?
If not,
you need to remove the server SSL certificate "SSL server profile".
Do it and send your feedback.

_______________________
Regards
Mohamed Kansoh

It is still the same 😞

@MustphaBassim,
Issue this command on the CLI, tmsh:

(tmos)# show sys connections cs-server-addr 100.68.0.8

Run this command while accessing this virtual server.
You should see the active connection from your device IP, so get your IP first from your Windows cmd and send the results.

_______________________
Regards
Mohamed Kansoh

@MustphaBassim 

Please send the error that appeared when trying to access this Virtual server. 

_______________________
Regards
Mohamed Kansoh

Hello dear,

Thanks for the reply. [screenshots: index.jpg, Untitled.png]

Hi @MustphaBassim,
  Have you issued this command "show sys connections cs-server-addr 100.68.0.8"
while accessing your virtual server, I mean at the same time?
If you did that, there is an issue between you as a client and F5.

> Issue this command at the bash prompt:
# curl -v "Pool_member_ip":Port_number
If you got data from the server, then there is no issue between F5 and the servers "Pool_members".

> Maybe it is a DNS resolution problem, so try this procedure as a test:
Go to the hosts file on your PC "C partition > Windows > System32 > drivers > etc > hosts"
and add this record with any text editor:
fm.tabadul.iq = 100.68.0.8
After that, make sure that your hostname FQDN "fm.tabadul.iq" is resolved to 100.68.0.8.
Test browsing this URL again from an incognito window.
If it works for you, exclude F5 from the issue and check your DNS configuration.
Delete the newly added record from the hosts file.

> Last thing, the network connectivity between your PC and the F5 virtual server "100.68.0.8":
- Execute # ping 100.68.0.8 on your Windows machine to test reachability between you and F5.

Tell me after finishing.

Waiting for your feedback.

_______________________
Regards
Mohamed Kansoh
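The reachability checks the reply above asks for (curl against the VIP and against a pool member, a hosts-file override, ping) can be reduced to one question per segment: does the target accept TCP on the port the BIG-IP will actually send to? The block below is an added example written for this page, not code from the thread or from F5. It is plain Python sockets, runs offline against a stub listener that stands in for the web server, and the hosts, ports and the `locate_fault` wording are all constructed assumptions, not the poster's environment. The useful distinction it makes is between "refused" (the server answered with a TCP RST because nothing listens on that port) and "timeout" (the SYN was silently dropped, which points at routing or a firewall instead).

```python
"""Added example (not from the thread): TCP reachability per segment, client -> F5 VIP ->
pool member, with the thread's fault-isolation logic. Hosts and ports are constructed."""
import socket
import threading


def tcp_check(host, port, timeout=2.0):
    """Return 'open', 'refused', 'timeout' or 'unreachable'.
    'refused' (TCP RST) is what a pool member sends when nothing listens on the port the
    BIG-IP forwards to, e.g. 443 while the service sits on 7134; 'timeout' means the SYN
    was dropped on the way (routing/firewall), which is a different problem."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (TimeoutError, socket.timeout):
        return "timeout"
    except OSError:                      # no route / ICMP host unreachable
        return "unreachable"
    finally:
        s.close()


def locate_fault(client_to_vip, f5_to_member):
    """The thread's split: prove client<->F5 first, then F5<->server."""
    if client_to_vip != "open":
        return "client<->F5: fix DNS/routing/VIP listener before looking at the servers"
    if f5_to_member == "refused":
        return "F5<->server: nothing listens on the port the VIP forwards to (member port / port translation)"
    if f5_to_member != "open":
        return "F5<->server: member not reachable from the F5 (routing, SNAT, server gateway)"
    return "both segments answer; look at TLS (server-ssl profile) and the HTTP layer next"


def start_stub_backend():
    """Listener on an ephemeral loopback port, standing in for the web server on its
    real service port (7134 in the thread). Accepts and immediately closes connections."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # listener closed by the caller
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def closed_port():
    """A loopback port with no listener: bind to learn a free port, then release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, service_port = start_stub_backend()
    wrong_port = closed_port()          # what "forward to 443, service on 7134" looks like
    print("service port:", tcp_check("127.0.0.1", service_port))
    print("wrong port  :", tcp_check("127.0.0.1", wrong_port))
    print(locate_fault("open", tcp_check("127.0.0.1", wrong_port)))
    srv.close()
```

Two practical notes on the procedure itself. The Windows hosts file takes the address first and the name second (`100.68.0.8 fm.tabadul.iq`); an alternative that needs no file edit is `curl -kv --resolve fm.tabadul.iq:443:100.68.0.8 https://fm.tabadul.iq/`, which pins the name to the VIP for that one request (`-k` because the backend's self-signed certificate will not validate). And because the virtual server uses SNAT, the member check that matters is the one from the BIG-IP itself (`curl -kv https://100.66.0.8:7134/` from its bash prompt), not only from the client PC.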

Hello dear,

[screenshot: MustphaBassim_0-1668500972098.png]

This is the reply from curl. I checked the ping and it's working, and for DNS, as far as I can see, the DNS server is able to translate fm.tabadul.iq to the IP of the virtual server that is set on F5.

Have you tried to access the pool members directly, without F5?

You should be able to reach them.

> Do you use a certificate on the servers?

_______________________
Regards
Mohamed Kansoh

From my PC I do not have web access to it, but I am able to ping it.

Yes, the server has its own self-signed certificate.

Okay,
> Put a server SSL profile on the "100.68.0.8" virtual server.
If it's still not working,
> take a packet capture:

tcpdump -nnnveti 0.0:nnnp host "your_PC_IP_address" -s0 -S -w /var/tmp/name_of_the_file.pcap

> Do not forget to put your own IP address in the "your_PC_IP_address" field of this tcpdump command, not the virtual server's.
> With this capture we can see the connections from your PC to F5, from F5 to the backend servers, and the return path as well.
First take it; when you are done and have captured this traffic, notify me and I will send some Wireshark filters to view this behavior.

_______________________
Regards
Mohamed Kansoh

Very well,
[screenshot: FM_PCap.PNG]

No issues between your PC and F5: F5 takes your traffic and directs it to "100.66.0.8", and it uses one of the SNAT pool IPs, "100.68.0.117".

> The issue is between F5 and server "100.66.0.8". F5 sends the traffic to it on port 443, not 7134 as configured on your server, so server "100.66.0.8" resets these connections because it has no 443 "https" service on it; it uses 7134. Even if you assign a self-signed certificate on the server, it still listens on port 7134.

> Please send a snapshot of the "100.66.0.8" pool member configuration; something is wrong with it.
Check it and tell me.

_______________________
Regards
Mohamed Kansoh

[screenshots: Untitled.png, Untitled2.png]

Here they are.

1 ACCEPTED SOLUTION

Very well,

Change "service port 0" to your needed port "7134".
This is mandatory in your case.
> Virtual server "100.68.0.8" listens on 443; it performs destination NAT to both pool members "100.66.0.8" and "100.66.0.7".
But what about the port translation?
Port 443 cannot be translated to port "0"; port "0" means any.
So in this case, F5 does not perform port address translation; it forwards the traffic on port 443 as it is, without translation to port 7134.

> So the needed action is to change "0" to 7134 on both pool members.
That's why you could access it when you configured the virtual server to listen on port 7134 instead of 443, as you did recently.

Try it and tell me.
It will work, isA.

_______________________
Regards
Mohamed Kansoh
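The accepted solution, together with the earlier advice to enable Address Translation and Port Translation and to configure SNAT, amounts to a configuration rule that can be checked mechanically: a virtual server listening on 443 only rewrites the destination port when port translation is enabled and the pool member carries a real service port; a member on port 0 ("any", which tmsh prints as `:any`) is passed the VIP port untouched. The block below is an added example written for this page, not F5 code and not the poster's configuration. It parses a `tmsh list ltm virtual` / `tmsh list ltm pool` style listing (a constructed sample echoing the thread's addresses) and reports, per virtual server and pool member, which port the server will actually see and whether SNAT is configured. Assumptions: bigip.conf brace syntax with balanced braces, IPv4 pool members, and the service-name mapping `_SERVICE_NAMES` covering only the names the sample uses.

```python
"""Added example (not from the thread or from F5): audit a bigip.conf-style listing for
port-443 virtual servers whose pool members sit on port 0/any, so BIG-IP skips port
translation and the server is hit on 443 instead of its real service port."""
import re

# Constructed sample in "tmsh list ltm ..." syntax. Object names and the 100.68.x / 100.66.x
# addresses echo the thread, but this is NOT the poster's actual configuration.
SAMPLE_CONFIG = """\
ltm virtual vs_fm_443 {
    destination 100.68.0.8:https
    pool pool_fm
    source-address-translation {
        pool snat_pool
        type snat
    }
    translate-address enabled
    translate-port enabled
}
ltm virtual vs_web2_443 {
    destination 100.68.0.9:443
    pool pool_web2
    translate-address enabled
    translate-port enabled
}
ltm pool pool_fm {
    members {
        100.66.0.8:any { address 100.66.0.8 }
        100.66.0.7:0 { address 100.66.0.7 }
    }
}
ltm pool pool_web2 {
    members {
        100.66.0.9:8090 { address 100.66.0.9 }
    }
}
"""

_SERVICE_NAMES = {"any": 0, "http": 80, "https": 443}   # how tmsh renders these ports (assumed subset)
_HEADER = re.compile(r"^ltm (virtual|pool) (\S+) \{", re.M)


def _port(token):
    """tmsh port token (443, https, any, 0) -> int; 0 means 'any service'."""
    return _SERVICE_NAMES[token] if token in _SERVICE_NAMES else int(token)


def _blocks(text):
    """Yield (kind, name, body, own) per top-level block. 'own' is the body with nested
    { ... } sub-blocks removed, so the 'pool' line inside source-address-translation is
    not mistaken for the virtual server's default pool. Assumes balanced braces."""
    for m in _HEADER.finditer(text):
        depth, i, own = 0, m.end() - 1, []          # m.end()-1 is the opening brace
        while True:
            ch = text[i]
            if ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
                if depth == 0:
                    break
            elif depth == 1:
                own.append(ch)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i], "".join(own)


def parse(text):
    """Return ({virtual: {port, pool, translate_port, snat}}, {pool: [(addr, port), ...]})."""
    virtuals, pools = {}, {}
    for kind, name, body, own in _blocks(text):
        if kind == "pool":   # IPv4 members only; IPv6 members carry extra colons in tmsh
            pools[name] = [(a, _port(p)) for a, p in
                           re.findall(r"^\s*(\d+\.\d+\.\d+\.\d+):(\S+) \{", body, re.M)]
            continue
        dest = re.search(r"^\s*destination (\S+):(\S+)$", own, re.M)
        pool = re.search(r"^\s*pool (\S+)$", own, re.M)
        tport = re.search(r"^\s*translate-port (\S+)$", own, re.M)
        snat = re.search(r"source-address-translation \{[^}]*\btype (\S+)", body)
        virtuals[name] = {
            "port": _port(dest.group(2)) if dest else None,
            "pool": pool.group(1) if pool else None,
            "translate_port": (tport.group(1) if tport else "enabled") == "enabled",  # default on
            "snat": snat.group(1) if snat else "none",   # 'none' matters if server gateway != F5
        }
    return virtuals, pools


def audit(text):
    """One finding per (virtual, member): the destination port the server actually receives."""
    virtuals, pools = parse(text)
    out = []
    for vname, v in virtuals.items():
        for addr, mport in pools.get(v["pool"], []):
            if not v["translate_port"]:
                seen, status = v["port"], "WARN: port translation disabled, server gets the VIP port"
            elif mport == 0:
                seen, status = v["port"], "FAIL: member port 0/any, BIG-IP skips port translation"
            else:
                seen, status = mport, "OK"
            out.append({"virtual": vname, "vip_port": v["port"], "member": addr,
                        "member_port": mport, "server_sees": seen,
                        "snat": v["snat"], "status": status})
    return out


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f['virtual']}:{f['vip_port']} -> {f['member']}:{f['member_port']} "
              f"server sees {f['server_sees']} snat={f['snat']} {f['status']}")
```

On the sample, `vs_fm_443` is reported as FAIL for both members (the server is hit on 443, which is exactly the RST seen in the capture), while `vs_web2_443` with a member on 8090 is OK. The fix is the one the accepted solution gives: set the member's service port to the real port and keep port translation enabled on the virtual server; the `snat` column is there because a member with "none" only works when the servers route back through the BIG-IP.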

Finally it worked, thanks very much for your kind support.

Great news @MustphaBassim,
   I am happy for you, and this was good troubleshooting as well.
Most welcome bro 🤝

_______________________
Regards
Mohamed Kansoh