Front-end SSL The decision to either use or not use SSL should be dictated by the level of security required. Applications that do any form of authentication where passwords are transmitted in the clear, or where any information between the client and the virtual server must be secured, should use SSL. Additionally, where SSL is used by the backend web servers, it is best to configure SSL by the virtual server. |
HTTP profile compression You can enable compression on the HTTP profile used by the virtual server. Use compression to provide a better end user experience, particularly where there is limited bandwidth or high latency between the virtual server and the client. |
Cache and session control access policy item - The cache and session control access policy item terminates a user session when it detects that the browser window is closed.You can also use the cache and session control action in an access policy, to provide inactivity timeouts to the user session. Use the Terminate session on user inactivity setting to configure the timeout for an LTM access session. The cache and session control action is supported on Windows browsers only. For configuration information, see Setting up cache and session control. |
Access Profile properties. You can configure a timeout in the access profile. |
The Maximum Session Timeout setting provides an absolute limit for the duration of the access policy connection, regardless of user activity. If you want to ensure that a user session is closed after a certain period of time, configure this setting. Note that this setting is configured in seconds. |
The Inactivity Timeout setting terminates the session if there is no traffic flow in the specified amount of time. Note that this setting is configured in seconds. Depending on the application, you may not want to set the inactivity timeout to a very short duration, as many applications may cache user typing, and generate no traffic for an extended period. In this scenario, a session may time out when the application is still in use, but the content of the user input is not relayed back to the server. For configuration information, see Understanding access profile settings. |
SSL matching SSL should be used consistently on the virtual server, as it is used with the web server. In other words, if the web server uses SSL, the virtual server should use SSL. |
Multi-host service When you implement a service with multiple hosts, access through the virtual server for new requests causes the load balancing algorithm for the associated member pool to select a new server. This can cause problems if persistence to a particular host is required. |
1. | On the Main tab of the navigation pane, expand Access Policy, and click Access Profiles. The Access Profile screen opens. |
2. |
4. | Add any checks and actions required to the access policy. You can assign an ACL with the resource assign action, but do not assign a webtop or a portal access or network access resource. |
1. |
2. | Click Create. |
4. |
5. | Click Finished. |
1. |
2. | Click Create. |
4. | Click Finished. |
1. |
2. | Click Create. |
5. | Select the HTTP Profile from the available options. The default profile, http, is usually sufficient, unless additional configuration options are needed. |
6. | Select the SSL profile (Client) setting. A client SSL profile is only required if you want to enable SSL from the client to the virtual server. |
7. | Select the SSL profile (Server) setting. A server SSL profile is only required if the pool members require SSL. |
8. | From the Access Profile list, select an access profile you created for LTM access. |
9. | Click Finished. |
1. | On the Main tab of the navigation pane, expand Local Traffic, and click Virtual Servers. The Virtual Server List screen opens |
2. | Click the name of the virtual server. The Virtual Server Properties screen opens. |
4. | From the Default Pool list, select the local traffic pool. |
5. | Click Update. |