F5 Big-IP with SSL and TCP keepalives
We have an application which includes a persistent SSL connection from a remote endpoint to a central server. These connections are long-running and use TCP keepalives to monitor the health of the long running connections. Because these connections may run over wireless networks with associated data charges, the application can adjust the frequency of keepalives dynamically.
We first set this up using a F5 Big-IP to perform load balancing. The configuration consisted of a virtual server with a profile that included fastL4, loose initiation, and loose close. The TCP keepalives were passed along by the F5 and everything worked great. This solution requires SSL to be handled in our application, which is not ideal.
We started exploring using the F5 to terminate SSL, however the use of the clientssl profile precludes the use of fastL4 and causes the F5 will respond to keepalives rather than passing them through. In reading the various online documentation, it seems like there is no way to have the F5 pass through a keepalive when terminating SSL. Before I give up completely, I thought I'd ask the community if there was anything I may have missed that could support this requirement. Thanks!