Transport phase is the first phase of a client HTTP request.
- SSL Offload, configuring only the SSL client. In this mode, the client to VIP traffic is encrypted (HTTPS), and the load balancer decrypts it. The VIP to Pool member traffic is clear (HTTP).
- SSL End-to-End, configuring both the Client SSL and Server SSL. In this mode, the client to VIP traffic is encrypted (HTTPS), and the load balancer decrypts it and then re-encrypts it. The VIP to Pool member traffic is encrypted (HTTPS).
The Transport Phase is complete when the virtual server receives the client SSL hello message. This occurs before SSL is ended, and before HTTP traffic.
- SSL Offload
- End-to-End
- SSL-Passthrough (the load balancer does not end SSL)
Load Balancer rules support REGEX for match types. PCRE style REGEX patterns are supported with a few limitations on advanced use cases. When REGEX is used in match conditions, named capturing groups are supported. See Regular Expressions in Load Balancer Rules.
Prerequisites
Verify that a Layer 7 HTTP virtual server is available. See Add Layer 7 HTTP Virtual Servers.
Procedure
- Open the Layer 7 HTTP virtual server.
- In the Load Balancer Rules section, next to Transport Phase, click to configure the load balancer rules for the Transport Phase.
- SSL SNI is the only match condition supported. Match conditions are used to match application traffic passing through load balancers.
- From the drop-down list, select a Match Type: starts with, ends with, equals, contains, matches regex.
- Enter a SNI Name.
- Toggle the Case Sensitive button to set a case-sensitive flag for HTTP header value comparison.
- Toggle the Negate button to enable it.
- From the drop-down list, select a Match Strategy:
  | Match Strategy | Description |
  |---|---|
  | Any | Either host or path may match for this rule to be considered a match. |
  | All | Both host and path must match for this rule to be considered a match. |
- From the drop-down menu, select the SSL Mode Selection.
  | SSL Mode | Description |
  |---|---|
  | SSL Passthrough | SSL Passthrough passes HTTP traffic to a backend server without decrypting the traffic on the load balancer. The data is kept encrypted as it travels through the load balancer. If SSL Passthrough is selected, a server pool can be selected. See Add a Server Pool for Load Balancing in Manager Mode. |
  | SSL Offloading | SSL Offloading decrypts all HTTP traffic on the load balancer. SSL offloading allows data to be inspected as it passes between the load balancer and server. If NTLM and multiplexing are not configured, the load balancer establishes a new connection to the selected backend server for each HTTP request. |
  | SSL End-to-End | After receiving the HTTP request, the load balancer connects to the selected backend server and talks with it using HTTPS. If NTLM and multiplexing are not configured, the load balancer establishes a new connection to the selected backend server for each HTTP request. |
- Click SAVE and APPLY.