sheikh_316862
Aug 17, 2018

iRule

iRules assistance required

When VS:7443, it sends traffic to pool (server1:443)

When VS:8443, it sends traffic to pool (server2:443)

When VS:9443, it sends traffic to pool (server3:443)

But in all cases I want server-side encryption only

 

2 Replies

  • Hi,

    Why don't you create 3 VS:

    • VS:7443 (pool1: server1:443)
    • VS:8443 (pool2: server2:443)
    • VS:9443 (pool3: server3:443)

    And on each VS you set only a server-ssl profile without a client-ssl profile (because you want server-side encryption only).

    It's simpler and easier to maintain. Moreover, you can manage health checks independently for each node...

    Let me know if this solution satisfies you.

    Regards,

  • If I'm reading your question correctly, you want unencrypted client traffic arriving at a single destination IP address but different ports to be load balanced to an appropriate server and encrypted on the server-side. (So encryption only on the server-side connection, not on the client-side.) You don't need an iRule to do this traffic direction. Just define three separate virtual servers, each listening on a different port (7443, 8443, and 9443) that load balance to their respective port 443 pool member. (In other words, you can define three different virtual servers at the same IP address but listening at different ports.) Make sure each virtual server also has an appropriate server-SSL type profile configured with the necessary certs to be able to handshake properly with the 443 servers on the server-side connection.
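
The layout both replies describe, written as tmsh commands. This is an added example, not part of either reply: the IP addresses, object names and the CA bundle `backend-ca.crt` are constructed placeholders, and validating the server certificate on the server-SSL profile is an assumption about what an "appropriate" profile means here.

```tmsh
# Constructed example: all addresses and object names below are placeholders.

# Server-SSL profile for the BIG-IP -> server leg.
# Assumption: the backend certificates chain to a CA bundle already imported
# as "backend-ca.crt"; peer-cert-mode require makes BIG-IP reject a server
# certificate that does not validate (the stock serverssl profile ignores it).
create ltm profile server-ssl serverssl_backend defaults-from serverssl peer-cert-mode require ca-file backend-ca.crt

# One pool per backend so each server gets its own HTTPS health check.
create ltm pool pool1 members add { 10.0.0.11:443 } monitor https
create ltm pool pool2 members add { 10.0.0.12:443 } monitor https
create ltm pool pool3 members add { 10.0.0.13:443 } monitor https

# Three virtual servers on the same destination IP, one per listening port.
# No client-ssl profile is attached, so BIG-IP does not terminate TLS on the
# client side; the server-ssl profile encrypts only the server-side connection.
create ltm virtual vs_7443 destination 192.0.2.10:7443 ip-protocol tcp pool pool1 profiles add { tcp serverssl_backend { context serverside } }
create ltm virtual vs_8443 destination 192.0.2.10:8443 ip-protocol tcp pool pool2 profiles add { tcp serverssl_backend { context serverside } }
create ltm virtual vs_9443 destination 192.0.2.10:9443 ip-protocol tcp pool pool3 profiles add { tcp serverssl_backend { context serverside } }

# Checks: each virtual server should list only tcp and the server-side SSL
# profile, and each pool member should be marked up by the https monitor.
list ltm virtual vs_7443 profiles
list ltm virtual vs_8443 profiles
list ltm virtual vs_9443 profiles
show ltm pool pool1 members
show ltm pool pool2 members
show ltm pool pool3 members
```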