why can't we use Performance L4 VS for SSL bridging .

Question

Why can't we use serverssl profile with Performance L4 Virtual server type ?What is the reason behind that  ?&nbsp;

yoann_le_corvi1 · Answer

Hi Sajan&nbsp;
SSL/TLS sits "on top" of TCP. And FastL4 vs takes care only of the connection part of TCP. Not layers above. That's why.&nbsp;
If you need more perf (and less control over L7 layer) you could use Performance HTTP.&nbsp;
Any precision required let us know...&nbsp;
Yoann&nbsp;

kai_wilke · Answer

Hi Sajan,&nbsp;
the reason for this is, that just the Standard Virtual Server is able to establish two independend TCP sessions (client / server side) to negotiate the SSL/TLS channels on each of the sides correctly. A Performance L4 Virtual uses just one TCP session in pass-through mode...&nbsp;
K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors&nbsp;
https://support.f5.com/csp/article/K12015&nbsp;
K8082: Overview of TCP connection setup for BIG-IP LTM virtual server types&nbsp;
https://support.f5.com/csp/article/K8082&nbsp;
Cheers, Kai&nbsp;

Forum Discussion

why can't we use Performance L4 VS for SSL bridging .

2 Replies

Recent Discussions

The best load balance method on this scenario?

SMS server with BIGIP

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Related Content

SSL Bridging verification

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

Understanding Performance Metrics and Network Traffic

Performance Logging iRule (Rule_http_log)

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery