SSL Passthrough

Hi Friends,

How do I configure SSL passthrough on A10 vThunder?

What configuration is required to do this?

Comments

  • nehaknehak Member

    Configure your Virtual Server

    virtual-server SSL-Passthrough-VS
     virtual-port 443
     protocol tcp
     no ssl-proxy
    

    Then configure the Service Group

    service-group SSL-Passthrough-SG
     member <backend-server-1> port 443
     member <backend-server-2> port 443
     ssl-certificate <path-to-certificate-file>
    

    Configure Health Monitor

    health-monitor TCP-443
     interval 10
     timeout 5
     rise-count 2
     fall-count 3
     reattempt 3
     port 443
     protocol tcp
    

    Enable SSL Passthrough

    slb virtual-server SSL-Passthrough-VS
     ssl-passthrough enable
    

    Verify that traffic is being forwarded correctly to the backend servers by testing SSL connections to the virtual server.

  • mdunnmdunn Member, A10ers ✭✭✭

    The above syntax does not appear to be correct for ACOS. What version is this for?

    If no layer 7 traffic inspection is required, we can accomplish this by configuring a layer 4 virtual port (e.g. port 443 tcp), which will pass all SSL through the A10 to the backend server.

    If we need layer 7 inspection but require SSL encryption between the A10 and the backend server, we can configure a layer 7 virtual port (e.g. port 443 https) and bind both client-ssl and server-ssl templates.

  • nehakakarnehakakar Member

    You are correct; the previous configuration was not specific to ACOS on A10 vThunder. Here's the correct approach for SSL passthrough on ACOS:

    If you don't need Layer 7 traffic inspection and want to pass SSL traffic directly to the backend server without SSL decryption, you can configure a Layer 4 virtual port 443.

    This will allow all SSL traffic to pass through the A10 vThunder to the backend server.

    Example:

    virtual-server SSL-Passthrough-VS
     virtual-port 443
     protocol tcp
     server <backend-server-1> 443
     server <backend-server-2> 443


    If you require Layer 7 traffic inspection but still want SSL encryption between the A10 vThunder and the backend server, you can configure a Layer 7 virtual port 443 and bind both client-ssl and server-ssl templates.

    Example:

    ssl client-template CLIENT-SSL
     key <path-to-client-key>
     cert <path-to-client-certificate>

    ssl server-template SERVER-SSL
     key <path-to-server-key>
     cert <path-to-server-certificate>

    virtual-server Layer7-VS
     virtual-port 443
     protocol https
     server <backend-server-1> 443
     server <backend-server-2> 443
     template client CLIENT-SSL
     template server SERVER-SSL

    ----

    Try this, I hope it helps.
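
To confirm which of the two modes discussed in this thread a virtual server is actually running, compare the certificate presented at the VIP with the certificates the backend servers present directly. This is an added example, not part of any post above and not A10 code; the function names are hypothetical and the addresses are supplied by the caller.

```python
import hashlib
import socket
import ssl


def fetch_leaf_der(host, port=443, sni=None, timeout=5.0):
    """Return the DER-encoded leaf certificate presented at host:port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Verification is off only because the raw certificate is wanted for
    # comparison, even when it is self-signed; no application data is sent.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as hex."""
    return hashlib.sha256(der).hexdigest()


def classify(vip_der, backend_ders):
    """Compare the VIP's certificate with each backend's certificate.

    Returns ("passthrough", backend_name) when the VIP presents a backend's
    own certificate (layer 4 virtual port), or ("terminated", None) when it
    presents a different one, meaning TLS ends on the load balancer
    (layer 7 virtual port with a client-ssl template).
    """
    vip_fp = fingerprint(vip_der)
    for name, der in backend_ders.items():
        if fingerprint(der) == vip_fp:
            return ("passthrough", name)
    return ("terminated", None)


def check(vip, backends, sni):
    """Fetch certificates from the VIP and each backend, then classify.

    vip, backends and sni are hypothetical values chosen by the caller.
    """
    vip_der = fetch_leaf_der(vip, 443, sni)
    backend_ders = {b: fetch_leaf_der(b, 443, sni) for b in backends}
    return classify(vip_der, backend_ders)
```

The comparison is only conclusive when the load balancer and the backends hold different certificates; if the same certificate is installed on both, the fingerprints match in either mode.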
