Free Preparation Discussions
MENU
F5 Networks F5CAB5 Exam - Topic 7 Question 10 Discussion
Topic #: 7
Refer to the exhibit.
A BIG-IP Administrator needs to deploy an application on the BIG-IP system to performSSL offload and re-encrypt the traffic to pool members. During testing, users are unable to connect to the application.
What must the BIG-IP Administrator do to resolve the issue? (Choose one answer)
To successfully performSSL offload and re-encryptionon a BIG-IP system, the virtual server must be configured withboth a Client SSL profile and a Server SSL profile. The Client SSL profile enables BIG-IP to decrypt inbound HTTPS traffic from clients, while the Server SSL profile is required tore-encrypt traffic before forwarding it to the pool members.
From the exhibit, the virtual server has aClient SSL profile configured, which allows BIG-IP to accept HTTPS connections from clients. However, there isno Server SSL profile attached, meaning BIG-IP attempts to sendunencrypted HTTP trafficto pool members listening on HTTPS (port 443). This protocol mismatch causes the server-side SSL handshake to fail, resulting in users being unable to connect to the application.
This behavior is well documented in BIG-IP SSL troubleshooting guides: when backend servers expect HTTPS, a Server SSL profile is mandatory to establish a secure connection from BIG-IP to the pool members.
The other options are incorrect:
Removing the Client SSL profile (Option A) would break client-side HTTPS.
The server-side TCP profile (Option B) is unrelated to SSL encryption.
Forward Proxy (Option C) is only used for outbound SSL inspection scenarios.
Therefore, configuring anSSL Profile (Server)is the correct and required solution.
Currently there are no comments in this discussion, be the first to comment!