ACE: url redirection

gavin han
Level 1

Hi,

I need to do url redirection. I've worked on CSS a lot so far but I'm a newbie to ACE.

For example, my CSS config for url redirection is as follows:


service server1:443
  ip address 192.168.1.1
  protocol tcp
  port 443
  keepalive type ssl
  active

service server2:443
  ip address 192.168.1.2
  protocol tcp
  port 443
  keepalive type ssl
  active


service server1:80
  type redirect
  redirect-string "https://mail.google.com/exchange"
  ip address 192.168.1.1
  no prepend-http
  active

service server2:80
  type redirect
  redirect-string "https://mail.google.com/exchange"
  ip address 192.168.1.2
  no prepend-http
  active
 
owner mail  
  content mail.google.com:443
    vip address 10.10.10.1
    port 443
    protocol tcp
    application ssl
    add service server1:443
    add service server2:443
    advanced-balance sticky-srcip
    active

  content mail.google.com:80
    vip address 10.10.10.1
    protocol tcp
    port 80
    url "/*"
    add service server1:80
    add service server2:80
    active

What would be the equivalent ACE config? Please advise.


Surya ARBY
Level 4

I'm not a CSS expert but you want to redirect requests coming in HTTP to HTTPS, right?

I guess the following example should do the job:

rserver redirect https-target
  webhost-redirection https://mail.google.com/exchange
  inservice

serverfarm redirect secure-redirect
  rserver https-target
  inservice

In the webhost-redirection you can add at the end of the command a 301 or a 302 if you want to send different types of redirection per RFC 2616.

Just use this serverfarm as target in your classmap dedicated to the port 80.

Thanks. How about "ssl" for port 443? Do I need to worry about it?

No. It's only basic L4 load balancing with a virtual server listening on port 443. Use my previous answer in your previous topic, the config is very close to what I posted before.

Yes, you're correct. I want to redirect requests coming in HTTP to HTTPS.

Hi, can you advise if config would look like below:

Do I have to specify port 80 somewhere? Can you pls check if following config looks good?

rserver server1:443
ip add 192.168.1.1
inservice

rserver redirect server1:443
ip add 192.168.1.1
webhost-redirection https://mail.google.com/exchange
inservice

serverfarm redirect secure-redirect-SF
probe port80
rserver redirect server1:443
inservice

serverfarm secure-rediect-SF
  probe port443
  reserver server1:443
  inservice
 
sticky ip-netmask 255.255.255.0 address both  secure-rediect-SG
  timeout 60
  replicate sticky
  serverfarm secure-rediect-SF
 
class-map match-any  secure-rediect-CM
  match virtual-address 10.10.1.1 tcp any
 
policy-map type loadbalance first-match  secure-rediect-PM
  class class-default
   sticky-serverfarm secure-rediect-SG
 
policy-map multi-match LBR-LB
  class  secure-rediect-CM
   loadbalance vip inservice
   loadbalance policy secure-rediect-PM
   loadbalance vip icmp-reply

probe tcp generic-tcp
  interval 5
  passdetect interval 20
  passdetect count 2
  connection term forced
exit

rserver server1
  ip add 192.168.1.1
  inservice
exit

rserver server2
  ip add 192.168.1.2
  inservice
exit

rserver redirect https-target
  webhost-redirection https://mail.google.com/exchange
  inservice
exit

serverfarm redirect secure-redirect
  rserver https-target
  inservice
exit

serverfarm host SF443
  failaction purge
  predictor leastconns
  probe generic-tcp
  rserver server1 443
    inservice
  rserver server2 443
    inservice
exit
exit


sticky ip-netmask 255.255.255.255 address source SF443-SG
  timeout 3600
  replicate sticky //only required if HA is in use
  serverfarm SF443
exit

class-map match-any www-CM
  2 match virtual-address 10.10.10.1 255.255.255.255 tcp eq www
exit

class-map match-any https-CM
  2 match virtual-address 10.10.10.1 255.255.255.255 tcp eq 443
exit

policy-map type loadbalance first-match http-PM
  class class-default
    serverfarm secure-redirect
exit
exit

policy-map type loadbalance first-match https-PM
  class class-default
    sticky-serverfarm SF443-SG
exit
exit

policy-map multi-match LBR-LB
  class www-CM
    loadbalance vip inservice
    loadbalance policy http-PM
    loadbalance vip icmp-reply
  class https-CM
    loadbalance vip inservice
    loadbalance policy https-PM
    loadbalance vip icmp-reply
exit
exit

interface vlan xxx
  ip address xxx
  alias xxx
  peer ip address xxx
  access-group input xxx
  service-policy input LBR-LB
  no shutdown
exit

The only reason you would need to worry about 443 when doing web host redirection on the ACE is if the backend rservers are setting the location header (e.g., http://website.com/). This will get forwarded to ACE; ACE will re-encrypt and send on to the client. The client will see the location header and build a new HTTP connection to ACE, which will break the flow.

You can have your webadmins either ensure they are not setting location header and/or implement ssl url-rewrite on the ACE via action list:

For example:

action-list type modify http HTTP-To-HTTPS
  header rewrite response location header-value ".*http*" replace "%1https%2"
  ssl url rewrite location ".*"

In this case, SSL offload is required. I didn't talk about that as it seems to be a migration from CSS; I assume the application already works without ssl rewrite.

Yeah, it should work, but we need to have ssl as well.

Thank you so much =)
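
An offline check for the port-80 wiring discussed in this thread, added here as an example (not posted by any participant and not Cisco tooling): it follows each tcp/80 VIP class-map through the multi-match policy, load-balance policy and redirect serverfarm to the `webhost-redirection` target, flagging misspelt object names and non-HTTPS targets. The function names `parse` and `lint_port80` are hypothetical, the sample is constructed from the names in the final config above, and it assumes that config's indented layout and follows only `serverfarm` references, not `sticky-serverfarm`.

```python
# Constructed sample: object names and addresses follow the thread's final config.
SAMPLE = """\
rserver redirect https-target
  webhost-redirection https://mail.google.com/exchange
serverfarm redirect secure-redirect
  rserver https-target
class-map match-any www-CM
  2 match virtual-address 10.10.10.1 255.255.255.255 tcp eq www
policy-map type loadbalance first-match http-PM
  class class-default
    serverfarm secure-redirect
policy-map multi-match LBR-LB
  class www-CM
    loadbalance policy http-PM
"""

def parse(config):
    """Group indented lines (split into words) under their unindented header."""
    blocks, body = {}, []
    lines = [l for l in config.splitlines() if l.strip() not in ("", "exit")]
    for line in lines:
        if line[0].isspace():
            body.append(line.split())
        else:  # key = (first word, object name), e.g. ("serverfarm", "secure-redirect")
            body = blocks[(line.split()[0], line.split()[-1])] = []
    return blocks

def lint_port80(config):
    """Follow each tcp/80 VIP class-map to its redirect target; return findings."""
    b, findings = parse(config), []
    def block(kind, name):  # hypothetical helper: look up a block, flag dangling names
        if (kind, name) not in b:
            findings.append(f"{kind} '{name}' is referenced but not defined")
        return b.get((kind, name), [])
    http_cms = {n for (k, n), body in b.items() if k == "class-map"
                and any(w[-3:] in (["tcp", "eq", "www"], ["tcp", "eq", "80"]) for w in body)}
    for (k, _), body in b.items():
        cm = None
        for w in (body if k == "policy-map" else []):
            if w[0] == "class":
                cm = w[1]
            elif w[:2] == ["loadbalance", "policy"] and cm in http_cms:
                farms = [f[1] for f in block("policy-map", w[2]) if f[0] == "serverfarm"]
                rs = [r[1] for s in farms for r in block("serverfarm", s) if r[0] == "rserver"]
                urls = [x[1] for r in rs for x in block("rserver", r) if x[0] == "webhost-redirection"]
                findings += [f"{cm}: redirect target {u} is not HTTPS"
                             for u in urls if not u.startswith("https://")]
                findings += [] if urls else [f"{cm}: no webhost-redirection reachable"]
    return findings
```

An empty list means every port-80 VIP in the pasted config reaches an `https://` redirect target.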
