Forum Discussion
shakalakka
Altostratus
AltostratusExplicit proxy and snat-pools
Hi, We are setting up an explicit proxy for some testing. What we have so far is pretty much the same as this article: Explicit proxy example Under the "Create a wildcard virtual server"-section ...
shakalakkaAltostratus
AltostratusThanks, ill try this now!
What confuses me a bit is i dont really know what the wildcard actually does. If i read the doc for default-connection-handling, it says that a VS must be created for the outbound connection, if not the connection will be dropped (if connection-handling is set to deny). Im just struggeling a bit to see the difference for the actual connection setup between "allow" and "deny". If the BigIP in "allow" mode just sets up the connection to the server, what difference does the wildcard VS make on the return traffic?
xuwen
Cumulonimbus
CumulonimbusIt seems that the forum has an article to test whether http and https traffic can be proxyed in Deny and Allow modes(you call search this article). if Allow is set, equal "firwall acl permit any", permit dns resolvers resolving the destination IP traffic of the destination domain name.
Note that the zone of DNS Resolvers should be set to ".", otherwise, if your proxy domain name is not in the zone, BIGIP will report a 503 status code