Forum Discussion

Jay_387077
Mar 27, 2019

Decrypt and Re-encrypt requests on F5

We have ADFS on internal network.

Web application proxy server in DMZ.

F5 BIG-IP in DMZ routing traffic to proxy server.

SNAT config, so losing client IP.

We have the ADFS SSL cert on the F5 to decrypt incoming requests, and insert a header.

The WAP listens on https 443, so can we re-encrypt with the same certificate? Or do we need to use the public key that the client uses?

We are using the same cert at the moment and the WAP/ADFS is not providing a web page, but if we change to SSL tunnel without decrypting, it works, but we lose client IP.

So we know ADFS WAP is listening and can handle requests to https 443, but if we do decrypt and re-encrypt on the F5 it stops working.

Any help would be great! Thanks
