Forum Discussion

Qasim's avatar
Qasim
Icon for Cirrostratus rankCirrostratus
Jun 12, 2019

Sending traffic to pool nodes on Secure port?

Hi,

 

Just need a little information on how the LTM works when sending traffic to pool nodes. I want to offload ssl on LTM but also want to use secure port for backend nodes.

 

E.g. I want VS to use port tcp/443 but backend pools on 1443, 8443 and other Secure ports. this is so I can use IRULES to manipulate http headers. Also, would I need to install a certificate on the LTM for backend nodes as well?

 

 

I look forward to hearing from you soon.

 

Regards,

  • SSL offloading is when SSL is terminated on F5 on the client-side. This requires a client-ssl profile and HTTP profile assigning to the virtual server.

     

    To re-encrypt traffic to your pools you will need to use a server-ssl profile to encrypt the server-side connection.

    Using this method you can manipulate HTTP headers as F5 is in the middle of each SSL termination and is able to provide end to end encryption

     

    K14806: Overview of the Server SSL profile (11.x - 15.x)

    https://support.f5.com/csp/article/K14806

  • You do not need a root certificate for the server side connection, as F5 by default does not care about the validity of the server side certificate

  • Qasim's avatar
    Qasim
    Icon for Cirrostratus rankCirrostratus

    thanks Lee for your swift response. one more question sorry, would I need to install the root cert somewhere to validate the Public key presented by the backend server to the LTM? if so, where in the f5 will I need to install that certificate?

     

    Kind regards,

  • Qasim's avatar
    Qasim
    Icon for Cirrostratus rankCirrostratus

    Nice one Lee. really appreciate you explanation.