F5 Help - Routing HTTPS external to internal web traffic?

Employee

Jan 29, 2019

OK, these are the fundamentals of deploying F5 and you have to remember that there are a LOT of ways to deploy but i'll give you some general points here. What you have described is the standard reverse proxy, the bit that you need to decide is where to apply the SSL certificate.

Your options are:

SSL offload

- the F5 holds the SSL certificate, internal communication can be either cleartext or SSL. The benefit of this is that you hold the certificate in only one place so updates are easy, you reduce load on servers if you do internal cleartext and you can see the userplane traffic so you can do layer 7 features such as Host based routing. I would say that this is the most common use case.

SSL passthrough

- this is where the F5 acts as a layer 4 proxy and passes the SSL straight through to the server. This is very simple, the F5 is only acting at layer 4, doing loadbalancing across the servers. For multiple services, each service would have a separate IP address ie no Host-based routing on the F5.

If you want more detailed design discussion then you can talk to your reseller or F5 Professional Services about a design workshop etc

Forum Discussion

F5 Help - Routing HTTPS external to internal web traffic?

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Using F5 for load balancing internal traffic

Create isolated environment for internal and external networks

Redirecting to an external site when the internal site is down

CSV to Address External Datagroup File

2 internal server vlans