101 · Question #204
A site needs to terminate client HTTPS traffic at the BIG-IP and forward that traffic unencrypted. Which two are profile types that must be associated with such a virtual server. (Choose two.)
The correct answer is A. TCP D. ClientSSL. Terminating client HTTPS at BIG-IP and forwarding traffic unencrypted requires only a TCP profile and a ClientSSL profile at minimum.
Question
A site needs to terminate client HTTPS traffic at the BIG-IP and forward that traffic unencrypted. Which two are profile types that must be associated with such a virtual server. (Choose two.)
Options
- ATCP
- BHTTP
- CHTTPS
- DClientSSL
- EServerSSL
How the community answered
(51 responses)- A90% (46)
- B6% (3)
- C2% (1)
- E2% (1)
Why each option
Terminating client HTTPS at BIG-IP and forwarding traffic unencrypted requires only a TCP profile and a ClientSSL profile at minimum.
TCP is the mandatory base transport profile for all standard BIG-IP virtual servers handling TCP-based protocols, including HTTPS.
An HTTP profile adds Layer 7 processing such as header manipulation and content switching, but it is not strictly required solely to terminate SSL and pass decrypted traffic to pool members.
HTTPS is a health monitor type in BIG-IP used to probe server availability, not a profile type that can be assigned to a virtual server.
The ClientSSL profile performs the SSL/TLS handshake with the client and decrypts inbound traffic, which is the core mechanism that terminates HTTPS at the BIG-IP and allows plain HTTP to be forwarded to backend servers.
ServerSSL is used only when BIG-IP must re-encrypt traffic before sending it to pool members; since the requirement specifies forwarding traffic unencrypted, a ServerSSL profile is not needed.
Concept tested: BIG-IP ClientSSL profile for HTTPS SSL offload configuration
Source: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-local-traffic-management-profiles-reference.html
Topics
Community Discussion
No community discussion yet for this question.