Forum Discussion

IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
Feb 17, 2020
Solved

When HTTP URL hitting the Virtual server with client SSL profile on port no 500, Will it accept the traffic?

Hi ,   any one guide what exactly happens here, it is not working, but i need to know is it possiable to make it work for both HTTP and HTTPs for VIP with client SSL profile   URL:   http...
application delivery
BIG-IP
LTM
  • Rodrigo_Albuque's avatar
    Rodrigo_Albuque
    Feb 18, 2020

    A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.

    Rodrigo

     

Rodrigo_Albuque's avatar
Rodrigo_Albuque
Icon for MVP rankMVP
Feb 18, 2020

A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.

Rodrigo

 

  • IRONMAN's avatar
    IRONMAN
    Icon for Cirrostratus rankCirrostratus
    Feb 18, 2020

    Thanks, So i can allow the non ssl traffic.