Forum Discussion
PeteWhite
Jan 29, 2019 · Employee
OK, these are the fundamentals of deploying F5, and you have to remember that there are a LOT of ways to deploy, but I'll give you some general points here. What you have described is the standard reverse proxy; the bit that you need to decide is where to apply the SSL certificate.
Your options are:
SSL offload
- The F5 holds the SSL certificate; internal communication can be either cleartext or SSL. The benefit of this is that you hold the certificate in only one place so updates are easy, you reduce load on servers if you do internal cleartext, and you can see the user-plane traffic so you can do layer 7 features such as Host-based routing. I would say that this is the most common use case.
SSL passthrough
- This is where the F5 acts as a layer 4 proxy and passes the SSL straight through to the server. This is very simple: the F5 is only acting at layer 4, doing load balancing across the servers. For multiple services, each service would have a separate IP address, i.e. no Host-based routing on the F5.
If you want more detailed design discussion, then you can talk to your reseller or F5 Professional Services about a design workshop, etc.
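
The Host-based routing mentioned under SSL offload, sketched as an iRule; this is an added example, not part of the original post. It assumes the virtual server has a client SSL profile and an HTTP profile attached so the F5 sees the decrypted request, and the hostnames and pool names are hypothetical.

```tcl
# Added example: Host-based routing on a virtual server doing SSL offload.
# Hostnames and pool names below are hypothetical placeholders.
when HTTP_REQUEST {
    # Drop any ":port" suffix and normalise case before matching,
    # so "App1.Example.com:443" and "app1.example.com" route the same way.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -glob -- $host {
        "app1.example.com" {
            pool pool_app1
        }
        "app2.example.com" {
            pool pool_app2
        }
        "*.static.example.com" {
            pool pool_static
        }
        default {
            # Unrecognised Host header: answer from the F5 instead of
            # forwarding the request to an arbitrary backend pool.
            HTTP::respond 404 content "Not Found"
        }
    }
}
```

With SSL passthrough the `HTTP_REQUEST` event never fires because the F5 does not decrypt the traffic, which is why each service needs its own IP address in that mode.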