From 880cf82beddc5533362280ec0790577fc51f8bd2 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow" Date: Mon, 26 May 2014 18:29:01 +0200 Subject: Add option -a, add possibility to manage ssl client profiles and vserver rules --- docs/fapi.pod | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'docs/fapi.pod') diff --git a/docs/fapi.pod b/docs/fapi.pod index ca50e31..4d3429d 100644 --- a/docs/fapi.pod +++ b/docs/fapi.pod @@ -134,7 +134,7 @@ And everything can be deleted as folows: A simple HTTP NATed service can be created as follows. - fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http + fapi vserver myvserver.example.com:80 create PROTOCOL_TCP http fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:80 set pool foopool @@ -150,6 +150,21 @@ You need also to set the SNAT flag as follows: fapi vserver myvserver.example.com:80 set snat automap +=head2 Settung up simple SNAT Services with SSL offloading enabled + +Just like SNAT service (use port 443) but with these additional steps + +First Upload the SSL certificate to the F5 BIG IP (e.g. System -> File Management +-> SSL Certificate List on BIG IP V11.4). + + # Afterwards create a new SSL profile to use the new certificate: + # (Will automatically use key/crt myserver.example.com.{key,crt}) + fapi profileclientssl myserver.example.com create + + # Then attach that profile to the vserver (default context is + # PROFILE_TYPE_CLIENT_SSL, which means SSL between F5 and Clients) + fapi vserver myvserver.example.com:443 profile add myserver.example.com + =head2 About the NAME argument In most cases NAME can be a hostname, FQDN or an IP address. Optionally folled -- cgit v1.2.3