F5 as a TCP proxy

Question

We'd like to use our F5 as a TCP proxy for a bidirectional traffic flow like this: 
&nbsp; Public IP -- DMZ Firewalls ---F5---Private IP (one server).  
&nbsp; The reason we'd like to have it this way, is because our security policy requires all incoming connections to be proxied.  
&nbsp; For incoming connections, the inside server will be NATed on the firewalls.  
&nbsp; What kind of setup can we have on F5 to support outbound connections, acting like a TCP proxy? 
&nbsp; Thanks.

hoolio · Answer

You can configure a virtual server (or less ideally a SNAT) to allow servers "behind" the BIG-IP to access external hosts/networks through the BIG-IP.  Normally for outbound access, you'd use a Performance Layer4 virtual server pointing to a pool of firewalls or a Forwarding IP virtual server if you want to use the routing table to select a gateway. 
&nbsp;  
&nbsp; SOL5017: Overview of virtual server types   
&nbsp; https://support.f5.com/kb/en-us/solutions/public/5000/000/sol5017.html (Click here) 
&nbsp;  
&nbsp; Aaron

Forum Discussion

F5 as a TCP proxy

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

PCI Compliance and ASM

irule for redirect and header injection

What happens if I activate only ASM without provisioning LTM?

Implement load balancing solution with constraints

How to Block Source IP for 24 Hours After TPS Violation (F5 DoS / iRule / SSL Proxy Setup)

Related Content

F5 TCP Proxy mode

The TCP Proxy Buffer

ADFS Proxy Replacement on F5 BIG-IP

Use F5 LTM as HTTP Proxy

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS