Forum Discussion

Pihu_294516's avatar
Pihu_294516
Icon for Altostratus rankAltostratus
Aug 09, 2018

SSL Passthrough, SSL Offloading and SSL Bridging

Hi all,

 

Can anyone help me understand how to configure VIPs SSL Passthrough, SSL Offloading and SSL Bridging scenarios? What components are taken into consideration for each of the requirement as in VIP type, Pool member health monitor, Client and Server SSL profile, Client and Server Protocol profiles, HTTP profile and persistence if any.

 

Thanks.

 

  •  

    1-) SSL Offloading: It means that client to F5 traffic is encrypted, SSL ends on F5, then clear text traffic goes through from F5 to server. ClientSSL profile is needed and http monitor is used for servers. You can also add http profile and optimize traffic according to Layer 7 traffic. Cookie persistency can be used.

     

    2-) SSL Bridging: It means that client to F5 traffic is encrypted, and F5 to server traffic is encrypted. But each site has separate SSL session. ClientSSL and ServerSSL profile are needed, https monitor is used for servers. You can also add http profile and optimize traffic according to Layer 7 traffic. Cookie persistency can be used.

     

    3-) SSL passthrough: It means that F5 only load balances traffic at TCP level and SSL ends on Servers. You should NOT add clientSSL and serverSSL profile. You CANNOT use http profile, therefore you CANNOT optimize layer 7 traffic. Cookie persistency CANNOT be used.