This section describes SSL offloading application scenarios.
As shown in Figure 1, intranet servers provide HTTPS services for Internet users. As service traffic increases, the intranet servers spend a large share of their computing resources on SSL encryption and decryption, which greatly degrades their service processing performance. If you enable SSL offloading on the FW, the FW acts as an SSL proxy server and performs SSL encryption and decryption. The intranet servers can directly read the restored HTTP traffic without installing special driver programs. This implementation greatly reduces the workload of the intranet servers.
As shown in Figure 2, HTTP-based load balancing is enabled on the FW, but the FW cannot extract fields from HTTPS packets for refined traffic scheduling. Consequently, load balancing fails, and the FW randomly distributes traffic to the servers. If you enable SSL offloading on the FW, the FW can restore HTTPS traffic to HTTP traffic and then apply HTTP-specific load balancing functions to it, such as HTTP field-based policy scheduling and sticky sessions. For details, see SLB.
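The scheduling difference described above, as an added Python example (not part of the original documentation and not the FW's implementation): a scheduler that sees only an encrypted TLS record has no HTTP fields to match and falls back to random distribution, while the same scheduler given restored HTTP can apply field-based policy and stickiness. The pool names, URL policy, `SESSIONID` cookie name and hash-based stickiness are assumptions made for illustration.

```python
import hashlib
import random
SERVERS = ["srv-a", "srv-b", "srv-c"]                  # hypothetical server pool
PATH_POLICY = {"/api/": "srv-a", "/static/": "srv-b"}  # hypothetical URL policy
# Constructed sample payloads: one TLS application-data record, two HTTP requests.
TLS_SAMPLE = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(32)
HTTP_API = b"GET /api/orders HTTP/1.1\r\nHost: shop.example\r\n\r\n"
HTTP_STICKY = b"GET /cart HTTP/1.1\r\nHost: shop.example\r\nCookie: SESSIONID=abc123\r\n\r\n"

def is_tls_record(data: bytes) -> bool:
    """TLS records start with a content type (20-23) and major version 0x03."""
    return len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 0x03

def parse_http(data: bytes):
    """Return (path, headers) for a cleartext HTTP/1.x request, else None."""
    if is_tls_record(data):
        return None
    head = data.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[1], headers

def schedule(data: bytes, rng=random):
    """Pick (server, reason) for one client payload seen by the scheduler."""
    parsed = parse_http(data)
    if parsed is None:
        # Still encrypted: no URL or cookie is visible, so nothing to match on.
        return rng.choice(SERVERS), "random"
    path, headers = parsed
    # Sticky session (simplified): hash the session cookie to a fixed server.
    for item in headers.get("cookie", "").split(";"):
        key, _, value = item.strip().partition("=")
        if key == "SESSIONID" and value:
            digest = hashlib.sha256(value.encode()).digest()
            return SERVERS[digest[0] % len(SERVERS)], "sticky"
    for prefix, server in PATH_POLICY.items():
        if path.startswith(prefix):
            return server, "policy"
    return rng.choice(SERVERS), "random"

if __name__ == "__main__":
    print([schedule(p) for p in (TLS_SAMPLE, HTTP_API, HTTP_STICKY)])
```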