In order for the LoadMaster to be able to evaluate incoming traffic, it must be able to read the traffic. For non-encrypted (HTTP) traffic, this would be no problem. However, many services - like Exchange or Lync - use encrypted traffic (HTTPS) by default and therefore the LoadMaster cannot read the incoming traffic without additional configuration. In order to do so, we need to configure the LoadMaster to decrypt SSL traffic first. Inherently, this changes the operating mode from Layer 4 to Layer 7.

While that opens up a wide range of possibilities, it does increase the load on the device and therefore should be taken into account when choosing the right model.

Note: In theory, there is no need to re-encrypt the traffic on its way out, but all examples hence forward will use re-encryption of the SSL traffic as it is being forwarded out of the LoadMaster to the published applications; in this case Exchange or Lync. For more information, including steps on how to configure SSL offloading and re-encryption, refer to the SSL Accelerated Services, Feature Description.