f5 secure web gateway
2 TopicsCustom session stickiness or a standard case?
Hello all, I have a somewhat unusual setup, which I inherited. It is for providing Citrix services, which comprise of a web frontend (HTTPS) and ICA protocol The traffic flow is thus: client >> BigIP LTM >> 4 x Reverse Proxy Nodes >> various Backend servers (backend is however not relevant, the problem is between the BigIP and reverse proxy) My goal is to have session stickiness so that the HTTPS and ICA protocol both pass through the same reverse proxy node. I see there are lots of options for this, but I would just like some feedback about what is needed. The problem currently, is that the two protocols are sent to different virtual servers and then forwarded to different pools: HTTPS protocol > virtual server1 > Pool1 ICA protocol > virtual server2 > Pool2 Pool1 and Pool2 both send traffic to the same 4 reverse proxy nodes, but to different virtual IPs. So the load balancer cannot recognize they are in fact the same destination. There is no SSL offloading on the BigIP, so no session information is available to create persitence via a cookie or URL path. The BigIP does however see the original source IP address. What is needed to create persistence for sessions across the pools? Would a simple source address persitence profile apply to all virtual servers where it is enabled across the whole BigIP config? Or does it only apply to the one individual virtual server? If it does not apply across all the configuration, then I assume I need to write an irule that associates the IP of reverseproxy1 in pool1 with the IP of reverseproxy1 in pool2 - or is there an easier way? Thank you in advance for your help! Peter PS - it would also be possible to change the reverse proxy pools to forward from the BigIP to the reverse proxy nodes on different ports - eg rp1:443 - HTTPS rp1:8443 - ICA, but I would prefer not to change unless it is really necessary399Views0likes1CommentNeed Latest (11.6) Secure Web Gateway iApp
Hi all, I'm desperately trying to find the latest release of the SWG iApp (f5.secure_web_gateway.v1.1.0 for 11.6) supposedly recently published early January. This iApp allows selection of a Per-Request Policy selection (as this has been brought with 11.6.0). The only one I was able to find and test is the previous version for 11.5 (f5.secure_web_gateway.v1.0.10) Thanks for your help, Pascal.325Views0likes15Comments