We have two web proxy's that we would like to load balance with our F5, how should this look in terms of options for persistence profiles and anything else that would need configuring please?
Asking this question is too general as if the SWG devices sync the sessions between each other persistance may not be needed etc.
thanks for the reply, its an LTM not SWG we're using if that makes a difference?
my misunderstanding too, assumed persistence profile were related to pool members not the actual active standby f5 boxes?
will review docs but thank you again
29-Jun-2022 10:46 - edited 29-Jun-2022 10:52
You misunderstood me. When I said SWG I did not mean F5 SWG but all proxy devices like Symantec, F5 SWG, etc. When you say web proxy I think of forwarding web proxy SWG devices. The persistence works for pool members not for active/standby devices. Better read the F5 LTM Implementations guide as it has many examples and the F5 LTM operations guide.
Still for web proxy traffic it depends if F5 decrypts the traffic as if it does not then cookie persistance is not an option and the web proxy may remove it so it does not work so great with proxy devices. You can play with using SSL persistanse as the traffic now is HTTPS and there is almost no HTTP and as a backup persistance method source address or destination address but as I mentioned that depends on your web proxy devices. If you use wildcard F5 Virtual server as one article for the cisco proxy I shared the destination address persistance will be the best as the web cache servers link I shared below. If there is NAT or other proxy device before the f5 device then don't even consider source address. Better check the guides first.
Using SSL session ID persistence (f5.com)
Exactly how Destination Address Affinity persisten... - DevCentral (f5.com)
Source address persistence supersedes cookie persistence (f5.com)