Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 187

Advertising
background image

ServerIron ADX Security Guide

173

53-1002440-03

Configuring Real and Virtual Servers for SSL Termination and Proxy Mode

6

Configuring Real and Virtual Servers for SSL Termination Mode

Real and Virtual Server configuration is described in detail in the Brocade ServerIron ADX Server
Load Balancing Guide. When configuring a Real or Virtual Server for SSL Termination Mode, you
need to do the following:

Configure a Real Server with an HTTP port

Configure a Virtual Server with an SSL port

Enable SSL termination and specify an SSL profile on the SSL port of the Virtual Server

Bind SSL on the Virtual Server to an HTTP port on a Real Server

For IPv4 Real Server to IPv4 Virtual Server

In the example below an IPv4 Real Server and a IPv4 Virtual Server are configured for SSL
Termination mode with the following details:

An HTTP port is defined on the Real Server: "rs1"

An SSL port is defined on the Virtual Server: "vip1".

SSL Termination is enabled and the SSL profile "myprofile" is specified on the Virtual Server:
"vip1".

A bind is configured between SSL on Virtual Server: "vip1" and HTTP on Real Server: "rs1".

ServerIronADX(config)# server real rs1 10.1.1.1

ServerIronADX(config-rs-rs1)# port http

ServerIronADX(config-rs-rs1)# exit

ServerIronADX(config)# server virtual-name-or-ip vip1

ServerIronADX(config-vs-vip1)# port ssl

ServerIronADX(config-vs-vip1)# port ssl ssl-terminate myprofile

ServerIronADX(config-vs-vip1)# bind ssl rs1 http

For IPv6Real Server to IPv6 Virtual Server

In the example below an IPv6 Real Server and a IPv6 Virtual Server are configured for SSL
Termination mode with the following details:

An HTTP port is defined on the Real Server: "rs2"

An SSL port is defined on the Virtual Server: "vip2".

SSL Termination is enabled and the SSL profile "ipv6_profile" is specified on the Virtual Server:
"vip2".

A bind is configured between SSL on Virtual Server: "vip2" and HTTP on Real Server: "rs2".

ServerIronADX(config)# server real rs2 2000::1

ServerIronADX(config-rs-rs2)# port http

ServerIronADX(config-rs-rs2)# exit

ServerIronADX(config)# server virtual-name-or-ip vip2

ServerIronADX(config-vs-vip2)# port ssl

ServerIronADX(config-vs-vip2)# port ssl ssl-terminate ipv6_profile

ServerIronADX(config-vs-vip2)# bind ssl rs2 http

Syntax: [no] port ssl ssl-terminate <ssl-profile-name>

The <ssl-profile-name> variable specifies the name of the SSL profile that you want to bind to the
SSL port, termination mode configuration.

Advertising
Popular Brands
Popular manuals