Content Switching unavailable if port is 443


I am seeing that if I have the Parent VS on port 443, Content Switching is unavailable unless I enable SSL Acceleration. If you change the port to 442 I can set up the Content Switching Rules on the Sub VS in the Parent VS. I save it on 442 and change it to 443; however, this doesn't work. I can see on my fw that traffic is making it to the LM but never through to the websites. Why does SSL Acceleration need to be enabled on the parent VS? I want to just read the header of the request, which even in TLS you can read without un-encrypting.


Also how can I get to 'verbose' logs to see where my traffic gets stuck in the VS?


Content Rules:

Parent VS on port 442:

Content Switching is Available


I change the parent VS to 443:

Content Switching is unavailable but you can see it is still setup from when I had the VS on 442.

2 comments

email.joerainone

Follow up. If I use 443 for the port, I enable SSL, install a cert, and all of my Content Matching Rules work. I am trying to get Content Matching based on SNI and NO SSL decryption.

allen.steckling

You might be able to work around this by doing a port NAT on your external firewall. I've done this a few times in order to enable TLS 1.0 ciphers for specific source IPs, as an example.