send HTTPS without descrypt

Question

Hi, I client asked me about if it is possible to balancing https traffic without decrypt the packets in our F5. He doesn´t want our F5 open his packets.
Is it possible send https traffic directly to his servers?
My F5 is a big-ip 4000&nbsp;
Thanks&nbsp;
Matias  &nbsp;

leonardo_souza · Answer

Yes, just don't add any clientssl or serverssl profile to the virtual server.
The SSL handshake, encryption, and decryption will be handled by client and server.&nbsp;
Don't forget that as you are not able to see the HTTP payload, you can't add a HTTP profile to the virtual server, neither you can use cookie persistence for example.&nbsp;

janholtz · Answer

Sure.
If you need to proxy TCP then a standard virtual server will do the trick.&nbsp;
If no tcp proxying is needed, use a FastL4 profile, where only destination (and possibly source) address and ports are changed by the F5.&nbsp;
//Jan&nbsp;

Forum Discussion

send HTTPS without descrypt

2 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

HTTP Multipart and Security Implications

HTTPS to HTTP

iRule to take cookie from HTTP Response into HTTP Request via table

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB