Free Preparation Discussions
MENU
F5 Networks F5CAB5 Exam - Topic 6 Question 6 Discussion
Topic #: 6
Refer to the exhibit.
A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload and re-encrypt the traffic to pool members. During testing, users are unable to connect to the application.
What must the BIG-IP Administrator do to resolve the issue? (Choose one answer)
To successfully perform SSL offload and re-encryption on a BIG-IP system, the virtual server must be configured with both a Client SSL profile and a Server SSL profile. The Client SSL profile enables BIG-IP to decrypt inbound HTTPS traffic from clients, while the Server SSL profile is required to re-encrypt traffic before forwarding it to the pool members.
From the exhibit, the virtual server has a Client SSL profile configured, which allows BIG-IP to accept HTTPS connections from clients. However, there is no Server SSL profile attached, meaning BIG-IP attempts to send unencrypted HTTP traffic to pool members listening on HTTPS (port 443). This protocol mismatch causes the server-side SSL handshake to fail, resulting in users being unable to connect to the application.
This behavior is well documented in BIG-IP SSL troubleshooting guides: when backend servers expect HTTPS, a Server SSL profile is mandatory to establish a secure connection from BIG-IP to the pool members.
The other options are incorrect:
Removing the Client SSL profile (Option A) would break client-side HTTPS.
The server-side TCP profile (Option B) is unrelated to SSL encryption.
Forward Proxy (Option C) is only used for outbound SSL inspection scenarios.
Therefore, configuring an SSL Profile (Server) is the correct and required solution.
Vernell
4 days agoDelisa
9 days agoAhmed
14 days agoVerdell
19 days agoMabel
24 days agoDevorah
30 days agoLang
1 month agoVallie
1 month agoAnnalee
2 months agoMyong
2 months agoAdell
2 months agoMohammad
2 months ago