search

F5Networks / f5-appsvcs-templates

F5 BIG-IP Application Service Templates (FAST)
Apache License 2.0
32 stars 13 forks source link

HTTP Application Template - always forces a http profile (cannot setup "ssl passthrough") #142

Open lundgrenolof opened 4 months ago

lundgrenolof commented 4 months ago

Environment

Summary

When using the built in template HTTP Application Template, and you unselect http profile, it always select a http profile regardless. To build a "SSL Passthrough" VIP, you need to disable TLS Server, TLS Client and http profile. This bug breaks the possibility to create SSL Passthrough VIP.

Steps To Reproduce

Create a new Virtual Server with FAST GUI, using the HTTP Application Template. Unselect TLS Server, TLS Client and do not create FAST-Generated http profile. image

Expected Behavior

I expected the virtual server to have no http profile.

Actual Behavior

Next time you go into fast app, you can see that /Common/http is selected as http profile.

View in Local Traffic -> Virtual Servers image

From debug view inputs

{
  "tenant_name": "fast-apps",
  "app_name": "myappname",
  "virtual_address": "192.168.0.1",
  "virtual_port": 443,
  "fastl4": false,
  "enable_redirect": false,
  "enable_snat": true,
  "snat_automap": true,
  "enable_persistence": false,
  "enable_tls_server": false,
  "enable_tls_client": false,
  "enable_pool": true,
  "make_pool": true,
  "use_static_members": true,
  "pool_members": [
    {
      "serverAddresses": [
        "192.168.0.2"
      ],
      "servicePort": 443,
      "connectionLimit": 0,
      "priorityGroup": 0,
      "shareNodes": true
    }
  ],
  "use_sd": false,
  "load_balancing_mode": "least-connections-member",
  "slow_ramp_time": 300,
  "enable_monitor": true,
  "make_monitor": false,
  "monitor_name_http": "/Common/http",
  "make_http_profile": false,
  "enable_acceleration": false,
  "enable_compression": false,
  "enable_multiplex": false,
  "common_tcp_profile": false,
  "make_tcp_ingress_profile": true,
  "tcp_ingress_topology": "wan",
  "make_tcp_egress_profile": true,
  "tcp_egress_topology": "lan",
  "endpoint_policy_names": [],
  "irule_names": [],
  "vlans_enable": false,
  "monitor_timeout": "NaN"
}