Forum Discussion

Brett_Verney_29's avatar
Brett_Verney_29
Icon for Nimbostratus rankNimbostratus
Oct 05, 2017

SSL Passthrough to NDES Server

Hi all,

 

I have a client who is using a BIG-IP appliance as a reverse proxy, if you will. They plan to put a MS NDES server behind the BIG-IP, which accepts connections from clients on the Internet. However they don't want the BIG-IP to terminate SSL, they want the NDES server to do this. I understand we lose SSL inspection capabilities.

 

How is this setup from a Virtual Server Perspective?

 

Do I even need an SSL certificate on the F5 for this connection?

 

What about client/server SSL profiles? Do these need to be specified?

 

Thanks in advance,

 

Brett

 

  • Hello Brett,

     

    When managing SSL traffic you have 3 options:

     

    1) SSL Offloading => you need to assign a clientssl profile and no serverssl profile on the VS (Standard VS Type)

     

    2) SSL Bridging => you need to assign both clientssl profile and serverssl profile on the VS (Standard VS Type)

     

    3) SSL Passthrough => you don't need to use any SSL Profile on the VS. If it is an HTTP server you can use "Performance (HTTP)" VS type, or "Performance (Layer 4)".

     

    Hope it helps

     

    Please give me a feedback

     

    Regards