SSL Bridging
--> Client SSL Profile only encrypts the traffic between Client and F5 LTM.
--> It does not encrypt the traffic between F5 LTM and Real Server.
--> But if there is a requirement that the traffic between LTM and the real server also need to be encrypted then in that case we use SSL Bridging.
--> SSL Bridging or SSL Termination allows the traffic between LTM and Real Server to be encrypted before sending.
--> In order to enable SSL Bridging, we need to create SSL Server Profile and assign it to the Virtual Server in addition to Client SSL Profile.
--> Once you apply Client SSL and Server SSL Profile to the Virtual Server, F5 LTM Creates two encrypted sessions:
i) Encrypted Session between Client and F5 LTM. ( Client SSL Profile)
ii) Encrypted Session between F5 LTM and Real Servers ( Server SSL Profile)
--> We can use different Certificates for different Sessions in F5 LTM.
--> For example, We can use SSL Certificate with higher key length on Client SSL Profile and SSL Certificate with lower key length on Server SSL Profile.
--> Client SSL Profile only encrypts the traffic between Client and F5 LTM.
--> It does not encrypt the traffic between F5 LTM and Real Server.
--> But if there is a requirement that the traffic between LTM and the real server also need to be encrypted then in that case we use SSL Bridging.
--> SSL Bridging or SSL Termination allows the traffic between LTM and Real Server to be encrypted before sending.
--> In order to enable SSL Bridging, we need to create SSL Server Profile and assign it to the Virtual Server in addition to Client SSL Profile.
i) Encrypted Session between Client and F5 LTM. ( Client SSL Profile)
ii) Encrypted Session between F5 LTM and Real Servers ( Server SSL Profile)
--> We can use different Certificates for different Sessions in F5 LTM.
--> For example, We can use SSL Certificate with higher key length on Client SSL Profile and SSL Certificate with lower key length on Server SSL Profile.
--> SSL Bridging Concept needs to be applied on Correct Pool on F5 LTM. ( Only For pool with HTTPS traffic)
Ref:--F5.com
No comments:
Post a Comment