Brocade Communications Systems ServerIron ADX 12.4.00a User Manual
Page 187

ServerIron ADX Security Guide
173
53-1002440-03
Configuring Real and Virtual Servers for SSL Termination and Proxy Mode
6
Configuring Real and Virtual Servers for SSL Termination Mode
Real and Virtual Server configuration is described in detail in the Brocade ServerIron ADX Server
Load Balancing Guide. When configuring a Real or Virtual Server for SSL Termination Mode, you
need to do the following:
•
Configure a Real Server with an HTTP port
•
Configure a Virtual Server with an SSL port
•
Enable SSL termination and specify an SSL profile on the SSL port of the Virtual Server
•
Bind SSL on the Virtual Server to an HTTP port on a Real Server
For IPv4 Real Server to IPv4 Virtual Server
In the example below an IPv4 Real Server and a IPv4 Virtual Server are configured for SSL
Termination mode with the following details:
•
An HTTP port is defined on the Real Server: "rs1"
•
An SSL port is defined on the Virtual Server: "vip1".
•
SSL Termination is enabled and the SSL profile "myprofile" is specified on the Virtual Server:
"vip1".
•
A bind is configured between SSL on Virtual Server: "vip1" and HTTP on Real Server: "rs1".
ServerIronADX(config)# server real rs1 10.1.1.1
ServerIronADX(config-rs-rs1)# port http
ServerIronADX(config-rs-rs1)# exit
ServerIronADX(config)# server virtual-name-or-ip vip1
ServerIronADX(config-vs-vip1)# port ssl
ServerIronADX(config-vs-vip1)# port ssl ssl-terminate myprofile
ServerIronADX(config-vs-vip1)# bind ssl rs1 http
For IPv6Real Server to IPv6 Virtual Server
In the example below an IPv6 Real Server and a IPv6 Virtual Server are configured for SSL
Termination mode with the following details:
•
An HTTP port is defined on the Real Server: "rs2"
•
An SSL port is defined on the Virtual Server: "vip2".
•
SSL Termination is enabled and the SSL profile "ipv6_profile" is specified on the Virtual Server:
"vip2".
•
A bind is configured between SSL on Virtual Server: "vip2" and HTTP on Real Server: "rs2".
ServerIronADX(config)# server real rs2 2000::1
ServerIronADX(config-rs-rs2)# port http
ServerIronADX(config-rs-rs2)# exit
ServerIronADX(config)# server virtual-name-or-ip vip2
ServerIronADX(config-vs-vip2)# port ssl
ServerIronADX(config-vs-vip2)# port ssl ssl-terminate ipv6_profile
ServerIronADX(config-vs-vip2)# bind ssl rs2 http
Syntax: [no] port ssl ssl-terminate
The <ssl-profile-name> variable specifies the name of the SSL profile that you want to bind to the
SSL port, termination mode configuration.