Forum Discussion

dan_k_177224
Nov 13, 2014

SSL Cert for Passthrough

Will I need to update my SSL certificate with F5 VIP IPs if I plan to use the F5 to pass through SSL traffic?

 

Clients will connect to the F5 VIPs but SSL will be handled by the pool members.

 

6 Replies

  • nathe

    In that case you won't have a client or server ssl profile on the VIP and you don't need to do anything with the certificates.

     

    N

     

  • Thanks Nathan. If the F5 uses SNAT, this means the backend pool servers see all connections with a source address of the F5 self IP. Are the backend servers bothered about the source address? I guess not, as the SSL cert is essentially a public key, isn't it? (Apologies for my lack of knowledge but SSL certs and SSL passthrough are new to me.)

     

  • nathe

    "If the F5 uses SNAT, this means the backend pool servers see all connections with a source address of the F5 self ip" - yes, floating (if exists) takes precedence over the non-floating one. The backend server shouldn't care - this setting will ensure all traffic is returned to the big-ip when the server's default gateway is something else.

     

    You'll need an SSL/TLS certificate and key on the backend web server to decrypt the traffic.

     

    Rgds

     

    N

     

  • The SSL cert exists today but native load balancing isn't working as expected, so the F5s have been asked to provide load balancing with SSL passthrough.

     

    So I think you're saying there should be no changes needed to the SSL certs in use today on clients and backend servers?

     

    • nathe
      Should be no changes from what you've told me.
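
Added example, not part of the original thread: with passthrough the pool member's own certificate is what clients receive, so the practical check is whether its subjectAltName entries cover whatever name or address clients will use once they point at the VIP. The certificate contents, hostnames and addresses below are constructed, and the dict mirrors the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress

# Constructed sample: SANs of the certificate already installed on a pool member.
BACKEND_CERT = {
    "subjectAltName": (
        ("DNS", "app.example.internal"),
        ("DNS", "*.apps.example.internal"),
        ("IP Address", "10.20.0.11"),   # pool member address (assumed)
    )
}

def _dns_match(pattern, host):
    """Match a DNS SAN; a wildcard is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, target):
    """True if the name or IP a client connects to appears in the cert's SANs."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None                       # target is a hostname, not an address
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and _dns_match(value, target):
            return True
    return False

def audit(cert, client_targets):
    """Map each name/address clients will use via the VIP to covered / not covered."""
    return {t: cert_covers(cert, t) for t in client_targets}

if __name__ == "__main__":
    # 192.0.2.50 stands in for the VIP address (constructed).
    targets = ["app.example.internal", "shop.apps.example.internal", "192.0.2.50"]
    for target, ok in audit(BACKEND_CERT, targets).items():
        print(f"{target:30} {'covered' if ok else 'NOT covered'}")
```

Clients that keep using the existing hostname, now resolving to the VIP, still validate against the unchanged certificate; only clients that connect by the VIP's IP address would fail, because that address is not among the SANs.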