This scenario uses an SSL passthrough application profile type. Edge does not close client HTTPS (SSL sessions). Edge load balances TCP sessions to the servers. Client SSL sessions are closed on the servers (not the edge). L7 application rules cannot be applied.

Note: Certificates are not required for SSL passthrough application profiles.

Procedure

  1. Create an SSL passthrough application profile.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security > NSX Edges.
    3. Double-click an NSX Edge.
    4. Click Manage > Load Balancer > Application Profiles.
    5. Click Add and specify the application profile parameters.
      Version Procedure
      NSX 6.4.5 and later
      1. In the Application Profile Type drop-down menu, select SSL Passthrough.
      2. In the Persistence drop-down menu, select None.
      NSX 6.4.4 and earlier
      1. In the Type drop-down menu, select HTTPS.
      2. Select the Enable SSL Passthrough check box.
      3. In the Persistence drop-down menu, select None.
  2. Create a virtual server.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security > NSX Edges.
    3. Double-click an NSX Edge.
    4. Click Manage > Load Balancer > Virtual Servers.
    5. Click Add and specify the virtual server parameters.
      1. Enable the virtual server to make this virtual server available for use.
      2. Select the protocol as HTTPS.
      3. Select the default pool that is composed of HTTPS servers.
      4. Select the application profile that you created in step 1.

      For information about specifying the other parameters in the New Virtual Server window, see Add Virtual Servers.

      Note:
      • If Acceleration is enabled and there are no L7 related configurations, Edge does not end the session.
      • If Acceleration is disabled, the session might be treated as L7 TCP mode, and Edge ends it into two sessions.