SSL Bridging
--> Client SSL Profile only encrypts the traffic between Client and F5 LTM.
--> It does not encrypt the traffic between F5 LTM and Real Server.
--> But if there is a requirement that the traffic between LTM and the real server also need to be encrypted then in that case we use SSL Bridging.
--> SSL Bridging or SSL Termination allows the traffic between LTM and Real Server to be encrypted before sending.
--> In order to enable SSL Bridging, we need to create SSL Server Profile and assign it to the Virtual Server in addition to Client SSL Profile.
--> Once you apply Client SSL and Server SSL Profile to the Virtual Server, F5 LTM Creates two encrypted sessions:
i) Encrypted Session between Client and F5 LTM. ( Client SSL Profile)
ii) Encrypted Session between F5 LTM and Real Servers ( Server SSL Profile)
--> We can use different Certificates for different Sessions in F5 LTM.
--> For example, We can use SSL Certificate with higher key length on Client SSL Profile and SSL Certificate with lower key length on Server SSL Profile.
--> SSL Bridging Concept needs to be applied on Correct Pool on F5 LTM. ( Only For pool with HTTPS traffic)
Ref: F5.com
Md.Kareemoddin
CCIE # 54759
--> Client SSL Profile only encrypts the traffic between Client and F5 LTM.
--> It does not encrypt the traffic between F5 LTM and Real Server.
--> But if there is a requirement that the traffic between LTM and the real server also need to be encrypted then in that case we use SSL Bridging.
--> SSL Bridging or SSL Termination allows the traffic between LTM and Real Server to be encrypted before sending.
--> In order to enable SSL Bridging, we need to create SSL Server Profile and assign it to the Virtual Server in addition to Client SSL Profile.
--> Once you apply Client SSL and Server SSL Profile to the Virtual Server, F5 LTM Creates two encrypted sessions:
i) Encrypted Session between Client and F5 LTM. ( Client SSL Profile)
ii) Encrypted Session between F5 LTM and Real Servers ( Server SSL Profile)
--> We can use different Certificates for different Sessions in F5 LTM.
--> For example, We can use SSL Certificate with higher key length on Client SSL Profile and SSL Certificate with lower key length on Server SSL Profile.
--> SSL Bridging Concept needs to be applied on Correct Pool on F5 LTM. ( Only For pool with HTTPS traffic)
Ref: F5.com
Md.Kareemoddin
CCIE # 54759
No comments:
Post a Comment