I have an ACE 4700 and It is balancing a web aplication using tcp ports 80 (http) and 443 (https). The configuration of ACE is in One-Arm, it means that the ACE does a NAT to client IP source address.
For requeriment legal the web aplication must to show the client IP source address in the web site, but with configurationin One-Arm only shows the IP address ACE.
Whit the next configuration I can insert into the http packet the client IP source address
policy-map type loadbalance first-match L7_LB_POLICY_SURA.COM.CO
insert-http X-Forwarded-For header-value "%is"
but that don´t work with HTTPS (443)
How do I do in HTTPS?
If I buy this licenses, Can I do this?
The ace that you have should have some SSL tps from the base license. you can check here based on your model that you purchased and then what is installed.
Any of the following licenses should work:
ACE-AP-SSL-05K-K9 ---- SSL 5,000 TPS License
ACE-AP-SSL-7K-K9 ---- SSL 7,500 TPS License
You will not require an "UP" SSL license as you are not upgrading from an existing license.
The X-Forwarded-For option appends the client IP within the HTTP header of the packet. HTTPS will not work if you are not performing SSL acceleration as the inbound HTTPS packets are encrypted. You will need one of the SSL licenses on the ACE to perform SSL acceleration and have the load balancer insert the X-Forwarded-For value within the decrypted HTTPS traffic.