08-01-2007 02:04 AM
We're currently running a pair of web servers behind a CSS, on the web servers we're running multiple environments which we're differentiating between through port No's.
One thing we'd like to be able to accomplish is to decrypt incoming traffic on port 443 and redirect this to another port No, eg 9443. Is this something I'm able to achieve on the CSS?
I'm thinking I'd have a content rule to terminate the 443 connection which would include a redirect statement, then a rule to allow the connection in on 9443. In the scenario, security isn't really the main issue (it will be internal connectivity) it's more to allow us to test the functionality and allow us to segregate the traffic.
TIA Dan
08-01-2007 04:40 AM
Dan,
you can have the css listen on port 443 and the server listening on port 9443.
Simply specify which port to use under the service definition.
There is no need for the CSS to decrypt the traffic or send a redirect for this to work.
ie:
service HTTPS1
ip x.x.x.x
port 9443
active
owner mycompany
content ssl
vip x.x.x.x
add service HTTPS1
port 9443
proto tcp
active
Gilles.
08-09-2007 01:38 AM
Thanks for the reply.
Would this also be the same for http re-direction. For example, I'd like to initiate a connection to a URL, but the servers behind the content rule would only accept connections on port 9080 (different environments). Would the following config function:
service HTTP1
ip x.x.x.x
port 80
active
owner mycompany
vip x.x.x.x
add service HTTP1
port 9080
proto tcp
active
08-09-2007 12:17 PM
if the server behing is listening on port 9080, that's the port you need to configure on the service.
The client will have to use the port in the content rule.
The css will translate from the port in the content to the port in the service.
Gilles.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: