Frequently Asked Questions

Security

• Can I use one SSL certificate on my Virtual Service for deploying multiple domains?

  It is not possible to use multiple certificates in the same Virtual Service; if you require multiple domains then you will need to use a certificate that can handle this, such as a SAN Certificate or Unified Communications Certificates (UCC).

• How can my LoadMaster help mitigate the impact of a DDoS?

  While LoadMaster is not a security device, it is a hardened Linux appliance and can be applied to help mitigate certain kinds of DDoS attack as part of a well formed DiD strategy.

• What kind of limitations will I face if I choose to use SSL pass through?

  If you do not choose either SSL-offloading or re-encrypting for the incoming SSL traffic, you may notice some configuration limitations. This is due to the fact that the information provide to the LoadMaster is limited to the data that is unencrypted within each packet. This severely limits L7 functionality as only the client's IP address will be viewable.

• My company hosts a website that uses HTTPS. I would like to lessen the burden on the servers by having the LoadMaster decrypt the traffic before it is sent to my server pool, is this possible?

  When dealing with encrypted traffic, the LoadMaster has three ways handling such requests. With this configuration, you will need to import your domain's public certificate and key onto the LoadMaster. This will allow us to decrypt the incoming SSL traffic at the LoadMaster and then pass the traffic to the server unencrypted. In order to support this, the servers must expect and allow secured content to be transmitted over HTTP.

• What does the SSL option re-encrypt do on a VS?

  When SSL Acceleration is enabled on a VS, requests from clients will be sent to the VS encrypted. The LM will then decrypt the traffic and traffic from VS to the Real server will be unencrypted. When the Re-encrypt option is checked – requests from clients will be sent to the VS encrypted.