Reset Search
 

 

Article

6456 - Does the Traffic Manager Health monitor support sending the Server Name Indication (SNI)?

« Go Back

Information

 
Last Modified Date11/23/2017 12:28 AM
Synopsis
This article provides information if Traffic Manager health monitor support is able to send SNI to the backend web server.
Problem or Goal
In the process of configuring SSL passthrough on the Traffic Manager, there is a requirement for the Service Name Indicator (SNI) to be sent to the backend web server to allow the client to present which host name it is attempting to connect via TLS.
Cause
Solution

The SteelApp Traffic Manger version 10.0+ supports configuring an HTTPS health monitor that will send an SNI TLS extension to the back-end server.

For this HTTPS monitor to work properly, the Pool SSL configuration option 'ssl_server_name' must be enabled.

After creating the HTTPS monitor to attach to the Pool, you need to enable the Pool SSL configuration option by following these steps:

  1. Set the VS directing to this pool to: Discard
  2. Navigate to Services > Pools > Pool_Name > Edit > SSL > Server Authentication: ssl_server_name: yes
  3. Click Update


Note: SNI is only sent to the pool nodes when using the hostname rather than the IP address. For example, if the node in the pool is mywebnode.steelapp.local:443, then SNI will be sent. However, if the node is 192.1.2.3:443, then SNI will not be sent.

Related Links
Attachment 1 
Created ByCode Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255