@Tony-Soprano said in Hybrid SSL off load and not:
Yes, a client has a Magento installation which won't work after pfSense HAProxy SSL offload.
If the client just needs to do the SSL encryption for whatever reason (HAProxy should be able to satisfy the client / backend, so that SSL offloading should be doable), an option could be to assign a private certificate to the backend web instance and install the certificate also on pfSense so that it trusts the backend, or simply disable SSL checks.
You can also generate the backend certificate on pfSense with a local CA. The client cert can have a long period of validity.
OK, we do have 2 public IPs, so if I config a second WAN on pfSense and make the 2nd frontend answer to the second public IP, I can set it as non-SSL offload for any domain into that frontend, right?
You can just assign additional IPs as virtual to the WAN interface and configure the additional frontend to listen on it. It does not have to be on another interface.
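
The two setups discussed in this thread, written as a plain HAProxy configuration (an added example, not taken from any of the posts or from the config the pfSense package generates). All addresses, hostnames and file paths are constructed placeholders.

```haproxy
# Constructed example: addresses (RFC 5737 / private ranges), names and paths are placeholders.
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Frontend 1: TLS is terminated on the proxy (SSL offload) on the first public IP.
frontend fe_offload
    mode http
    bind 203.0.113.10:443 ssl crt /etc/haproxy/certs/public-site.pem
    default_backend be_reencrypt

# Re-encrypt towards the backend and verify its private certificate
# against the local CA that issued it.
backend be_reencrypt
    mode http
    server web1 10.0.0.10:443 ssl verify required ca-file /etc/haproxy/ca/local-ca.crt verifyhost web1.internal.example check
    # "Disable SSL checks" variant: the hop is still encrypted, but the
    # backend's identity is not verified.
    # server web1 10.0.0.10:443 ssl verify none check

# Frontend 2: no offload, listening on the second public IP
# (added as a virtual IP on the same WAN interface).
frontend fe_passthrough
    mode tcp
    bind 203.0.113.11:443
    # Wait for the TLS ClientHello so the SNI can be read without decrypting.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend be_shop_tls if { req_ssl_sni -i shop.example.com }

# The backend web server terminates TLS itself with its own public certificate.
backend be_shop_tls
    mode tcp
    server shop1 10.0.0.20:443 check
```

In the passthrough frontend the proxy cannot see or modify HTTP headers, so any routing there has to be based on the SNI or the destination IP alone.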