Forum Discussion
CirrocumulusCannot get decryption happening with F5 SWG
Hi;
I have implemented F5 SWG as per this article:
My understanding is that the setup here should cause decryption to take place on the virtual server for ssl forward proxy traffic "the one with a client and server SSL profiles".
Yet this is not working for me. To be specific, I can see traffic hitting the virtual server for ssl forward proxy traffic, but I don't see encryption happening on the server ssl profile. This is confirmed by looking at the certificate issuer, which is not that associated with the server SSL profile but rather the original one.
Please note that I am not doing any authentication for now.
Kindly
Wasfi
1 Reply
- Lucas_Thompson
Employee
Unfortunately a lot of the search results are for this content are for v11.x, which was released over a decade ago. SWG has changed significantly since that older version. Take a look at these newer instructions that talk about SWG implementations:
We also have another module called SSL Orchestrator that is specifically designed for this "decrypting outbound internet gateway" use case. It allows you to dynamically forward selected traffic to 3rd party inspection devices that do not themselves support SSL interception. It also makes setup much simpler:
https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter1/page1.01.html
