SSL offloading can effectively reduce service loads and implement load balancing for HTTP traffic.
SSL is an encryption protocol, and an SSL-encrypted channel can carry multiple types of application-layer traffic. A common example is HTTPS, which is HTTP traffic encrypted with SSL. For security, more and more web services are delivered over HTTPS. Compared with HTTP traffic, HTTPS traffic consumes more server resources to process, so web servers must meet higher performance requirements. In addition, the FW cannot extract fields such as URL and HOST from HTTPS packets for refined traffic scheduling, which degrades load balancing.
As shown in Figure 1, SSL offloading is configured on the FW. After HTTPS requests from clients reach the FW, the FW decrypts the HTTPS traffic, restoring it to HTTP traffic, and evenly distributes the HTTP traffic to the servers on the intranet. After receiving the reply packets from the servers, the FW encrypts them and sends them to the clients.
In short, the FW performs the SSL encryption and decryption that the servers would otherwise perform, saving server resources. Additionally, the FW can schedule the restored HTTP traffic based on refined policies.
Real servers on the intranet must support the HTTP service. Otherwise, they cannot process the HTTP traffic that the FW forwards to them.
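The following Python sketch is an added illustration, not FW configuration or vendor code. It shows why refined scheduling depends on the restored HTTP traffic: URL and HOST can be read from a decrypted request and matched against a policy, but not from the bytes of an SSL record. The policy table, host names, server addresses and sample packets are constructed for the example.

```python
import itertools

# Constructed policy table (hypothetical hosts and intranet addresses):
# (Host, URL prefix, real-server group). First matching rule wins.
POLICIES = [
    ("shop.example.com", "/images/", ["10.0.0.11", "10.0.0.12"]),
    ("shop.example.com", "/", ["10.0.0.21", "10.0.0.22"]),
]
DEFAULT_GROUP = ["10.0.0.31"]

# Constructed samples: a restored HTTP request, and what the FW sees without
# offloading (an SSL/TLS application-data record with an opaque payload).
HTTP_REQUEST = b"GET /images/logo.png HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))


def parse_request_head(data):
    """Return (host, url) from a plaintext HTTP/1.x request head, else None."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if not sep or len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host, parts[1].decode("ascii", "replace")
    return None  # no Host header: nothing to match a policy on


class Scheduler:
    """Round-robin inside the server group chosen by Host and URL prefix."""

    def __init__(self, policies, default_group):
        self._rules = [(h, p, itertools.cycle(g)) for h, p, g in policies]
        self._default = itertools.cycle(default_group)

    def pick(self, data):
        parsed = parse_request_head(data)
        if parsed is None:
            return None  # encrypted or malformed: URL and HOST are not visible
        host, url = parsed
        for rule_host, prefix, servers in self._rules:
            if host == rule_host and url.startswith(prefix):
                return next(servers)
        return next(self._default)
```

`Scheduler(POLICIES, DEFAULT_GROUP).pick(HTTP_REQUEST)` returns a server from the `/images/` group, while the same call on `TLS_RECORD` returns `None` because no request line or Host header can be parsed from the encrypted record.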