Forum Discussion

IRONMAN's avatar
Icon for Cirrostratus rankCirrostratus
Feb 17, 2020

When HTTP URL hitting the Virtual server with client SSL profile on port no 500, Will it accept the traffic?

Hi ,


any one guide what exactly happens here, it is not working, but i need to know is it possiable to make it work for both HTTP and HTTPs for VIP with client SSL profile







  • A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.



  • A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.



    • IRONMAN's avatar
      Icon for Cirrostratus rankCirrostratus

      Thanks, So i can allow the non ssl traffic.

  • Thanks, But i Want to know if it on port 8080, what happens when traffic coming from HTTP , not using HTTPS? VIP applied with Client SSL profile!