SSL Passthrough
samv
Member ✭
Hi Friends,
How do I configure SSL passthrough on A10 vThunder?
What configuration is required to do this?
Comments
Configure your Virtual Server
Then configure Service Group
Configure Health Monitor
Enable SSL Passthrough
Verify that traffic is being forwarded correctly to the backend servers by testing SSL connections to the virtual server.
The above syntax does not appear to be correct for ACOS. What version is this for?
If no layer 7 traffic inspection is required, we can accomplish this by configuring layer 4 virtual port (ex. port 443 tcp) which will pass all SSL through the A10 to the backend server.
If we need layer 7 inspection but require SSL encryption between A10 and backend server, we can configure layer 7 virtual port (ex. port 443 https) and bind both client-ssl and server-ssl templates.
You are correct; the previous configuration was not specific to ACOS on A10 vThunder. Here's the correct approach for SSL passthrough on ACOS:
If you don't need Layer 7 traffic inspection and want to pass SSL traffic directly to the backend server without SSL decryption, you can configure a Layer 4 virtual port 443.
This will allow all SSL traffic to pass through the A10 vThunder to the backend server.
Example:
virtual-server SSL-Passthrough-VS
  virtual-port 443
    protocol tcp
    server <backend-server-1> 443
    server <backend-server-2> 443
If you require Layer 7 traffic inspection but still want SSL encryption between the A10 vThunder and the backend server,
you can configure a Layer 7 virtual port 443 and bind both client-ssl and server-ssl templates.
Example:
ssl client-template CLIENT-SSL
  key <path-to-client-key>
  cert <path-to-client-certificate>
ssl server-template SERVER-SSL
  key <path-to-server-key>
  cert <path-to-server-certificate>
virtual-server Layer7-VS
  virtual-port 443
    protocol https
    server <backend-server-1> 443
    server <backend-server-2> 443
    template client CLIENT-SSL
    template server SERVER-SSL
----
Try this, I hope it helps.
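One way to carry out the verification step mentioned in the thread, as an added example that is not part of any post above: compare the certificate the virtual server presents with the certificates the backend servers present directly. The addresses, the SNI name and the function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, sni: str | None = None,
                   timeout: float = 5.0) -> bytes:
    """Return the leaf certificate (DER) that a TLS endpoint presents.

    Validation is off because only the fingerprint is compared here;
    do not reuse this context for carrying application data.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
            return tls.getpeercert(binary_form=True)


def classify(vip_der: bytes, backend_ders: dict[str, bytes]) -> tuple[str, str | None]:
    """Compare the VIP's certificate with each backend's certificate.

    ("passthrough", name): the VIP presents backend `name`'s certificate,
        as expected for a layer 4 tcp virtual port.
    ("terminated", None): the VIP presents a certificate no backend has,
        as expected when a client-ssl template is bound.
    Caveat: if the same certificate is installed on the A10 and on a
    backend, the fingerprints match in both modes.
    """
    vip_fp = fingerprint(vip_der)
    for name, der in backend_ders.items():
        if fingerprint(der) == vip_fp:
            return ("passthrough", name)
    return ("terminated", None)


if __name__ == "__main__":
    # Placeholder addresses (documentation range); replace with your own.
    vip = fetch_leaf_der("192.0.2.10", sni="app.example.com")
    backends = {ip: fetch_leaf_der(ip, sni="app.example.com")
                for ip in ("192.0.2.21", "192.0.2.22")}
    print(classify(vip, backends))
```

Run it from a host that can reach both the virtual server and the backend servers directly.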