Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

F5 Networks F5CAB5 Exam - Topic 6 Question 6 Discussion

Actual exam question for F5 Networks's F5CAB5 exam
Question #: 6
Topic #: 6
[All F5CAB5 Questions]

Refer to the exhibit.

A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload and re-encrypt the traffic to pool members. During testing, users are unable to connect to the application.

What must the BIG-IP Administrator do to resolve the issue? (Choose one answer)

Show Suggested Answer Hide Answer
Suggested Answer: D

To successfully perform SSL offload and re-encryption on a BIG-IP system, the virtual server must be configured with both a Client SSL profile and a Server SSL profile. The Client SSL profile enables BIG-IP to decrypt inbound HTTPS traffic from clients, while the Server SSL profile is required to re-encrypt traffic before forwarding it to the pool members.

From the exhibit, the virtual server has a Client SSL profile configured, which allows BIG-IP to accept HTTPS connections from clients. However, there is no Server SSL profile attached, meaning BIG-IP attempts to send unencrypted HTTP traffic to pool members listening on HTTPS (port 443). This protocol mismatch causes the server-side SSL handshake to fail, resulting in users being unable to connect to the application.

This behavior is well documented in BIG-IP SSL troubleshooting guides: when backend servers expect HTTPS, a Server SSL profile is mandatory to establish a secure connection from BIG-IP to the pool members.

The other options are incorrect:

Removing the Client SSL profile (Option A) would break client-side HTTPS.

The server-side TCP profile (Option B) is unrelated to SSL encryption.

Forward Proxy (Option C) is only used for outbound SSL inspection scenarios.

Therefore, configuring an SSL Profile (Server) is the correct and required solution.


by Daryl at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium F5CAB5 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Weldon
16 hours ago
I think option D is the best choice. An SSL Profile for the server is crucial.
upvoted 0 times
...
Gennie
6 days ago
Wait, are we sure that's the right fix? Sounds too simple.
upvoted 0 times
...
Onita
11 days ago
Definitely agree with configuring the SSL Profile (Server).
upvoted 0 times
...
Lavonda
16 days ago
Isn't removing the SSL Profile a bit risky?
upvoted 0 times
...
Belen
21 days ago
I think enabling Forward Proxy is the way to go!
upvoted 0 times
...
Pok
27 days ago
They need to configure an SSL Profile (Server) for sure.
upvoted 0 times
...
Ezekiel
1 month ago
Whoever came up with option C must have been having a really bad day. Forward proxy? That's not even close to the solution here.
upvoted 0 times
...
Micah
1 month ago
I'm with Ahmed on this one. D is the correct answer. Gotta love those SSL profiles, am I right?
upvoted 0 times
...
Vernell
2 months ago
Option B is just silly. Splitsession-default-tcp? What is this, a secret code? D is the way to go.
upvoted 0 times
...
Delisa
2 months ago
Haha, I bet the BIG-IP Administrator is scratching their head right now, trying to figure out why the users can't connect. Maybe they forgot to turn on the "magic" button.
upvoted 0 times
...
Ahmed
2 months ago
The answer is clearly D. You need to configure an SSL Profile (Server) to re-encrypt the traffic to the pool members.
upvoted 0 times
...
Verdell
2 months ago
I remember that removing the SSL Profile isn't usually a good idea, but I can't remember if enabling Forward Proxy is necessary for this scenario.
upvoted 0 times
...
Mabel
3 months ago
I’m leaning towards configuring the SSL Profile for the server, but I’m unsure if the Protocol Profile option could also be relevant here.
upvoted 0 times
...
Devorah
3 months ago
I feel like we practiced a similar question where enabling Forward Proxy was the right answer, but I can't recall the exact context.
upvoted 0 times
...
Lang
3 months ago
I think I remember something about needing an SSL Profile for the server, but I'm not entirely sure if that's the only thing we need to check.
upvoted 0 times
...
Vallie
3 months ago
I'm pretty confident the answer is C. The question states the BIG-IP is doing SSL offload, so the SSL Profile (Client) is the key. Enabling Forward Proxy in that profile should help re-encrypt the traffic to the pool members and fix the connection problem.
upvoted 0 times
...
Annalee
3 months ago
I'm leaning towards option B. The question mentions the BIG-IP is performing SSL offload, so the server-side protocol profile is likely the problem. Configuring it as splitsession-default-tcp could help resolve the connectivity issue.
upvoted 0 times
...
Myong
3 months ago
Okay, let me think this through. If it's an SSL offload scenario, then the SSL Profile (Client) is handling the client-side SSL termination. But the users can't connect, so the server-side settings must be the issue. I'll go with option D and configure an SSL Profile (Server).
upvoted 0 times
...
Adell
4 months ago
Hmm, I'm a bit confused. The question says users can't connect, so it seems like the problem is on the server side. Maybe I should focus on the Protocol Profile (Server) and SSL Profile (Server) settings.
upvoted 0 times
...
Mohammad
4 months ago
I think I'd start by looking at the SSL profiles. The question mentions SSL offload, so the SSL Profile (Client) is probably the key issue.
upvoted 0 times
...

Save Cancel