For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

shakalakka's avatar
shakalakka
Icon for Altostratus rankAltostratus
Nov 16, 2022

Explicit proxy and snat-pools

Hi, We are setting up an explicit proxy for some testing. What we have so far is pretty much the same as this article: Explicit proxy example  Under the "Create a wildcard virtual server"-section ...
application delivery
explicit proxy
shakalakka's avatar
shakalakka
Icon for Altostratus rankAltostratus
Nov 16, 2022

Thanks, ill try this now!
What confuses me a bit is i dont really know what the wildcard actually does. If i read the doc for default-connection-handling, it says that a VS must be created for the outbound connection, if not the connection will be dropped (if connection-handling is set to deny). Im just struggeling a bit to see the difference for the actual connection setup between "allow" and "deny". If the BigIP in "allow" mode just sets up the connection to the server, what difference does the wildcard VS make on the return traffic?

xuwen's avatar
xuwen
Icon for Cumulonimbus rankCumulonimbus
Nov 16, 2022

It seems that the forum has an article to test whether http and https traffic can be proxyed in Deny and Allow modes(you call search this article). if Allow is set, equal "firwall acl permit any", permit dns resolvers resolving the destination IP traffic of the destination domain name.
Note that the zone of DNS Resolvers should be set to ".", otherwise, if your proxy domain name is not in the zone, BIGIP will report a 503 status code