Hi, I need F5 to communicate to https proxy for the attack signature update but in this procedure (https://support.f5.com/csp/article/K8217) I can only use the proxy hostname but my proxy doesnt have hostname it has only IP. Kindly advise me on how to move forward on this

Hi, Have you tries to configure an IP-address? If you must configure a hostname, the BIG-IP will look-up this hostname using the configured DNS servers. If you are the administrator of these DNS servers, just put an entry there for the hostname. If you are not the administrator of these DNS servers, just add a static host entry on the BIG-IP. System -> Configuration -> Device -> Hosts Regards, Martijn.

Hi Martijn, Sorry I didnt get you, in this case F5 must need an hostname for proxy to configure attack signature there is no way to just use the IP? because my proxy doesn't have an hostname. Kindly help me confirm. Regards, Venkat

Hi Venkata, Go to System -> Configuration -> Device -> Hosts and add a static host(name) with the IP-address of your proxy server. You say your proxy server does not have a hostname, so you can use any host name you want. For example my.proxy.local. Then follow the procedure in article K8217 with the following line: modify /sys db proxy.host value my.proxy.local When a signature update is needed, BIG-IP gets the IP-address of my.proxy.local from the local hostfile. You can also add the host my.proxy.local to the DNS server the BIG-IP uses for resolving. But you need to be the DNS administrator. Regards, Martijn

F5 ASM Communication with https proxy IP

Martijn_144688
Cirrostratus
Aug 03, 2018
Hi,

Have you tries to configure an IP-address?

If you must configure a hostname, the BIG-IP will look-up this hostname using the configured DNS servers. If you are the administrator of these DNS servers, just put an entry there for the hostname.

If you are not the administrator of these DNS servers, just add a static host entry on the BIG-IP.

System -> Configuration -> Device -> Hosts

Regards, Martijn.
- Venkata_Naraya1
  Nimbostratus
  Aug 06, 2018
  Hi Martijn,
  
  Sorry I didnt get you, in this case F5 must need an hostname for proxy to configure attack signature there is no way to just use the IP? because my proxy doesn't have an hostname. Kindly help me confirm.
  
  Regards, Venkat
- Martijn_144688
  Cirrostratus
  Aug 06, 2018
  Hi Venkata,
  
  Go to System -> Configuration -> Device -> Hosts and add a static host(name) with the IP-address of your proxy server. You say your proxy server does not have a hostname, so you can use any host name you want. For example my.proxy.local.
  
  Then follow the procedure in article K8217 with the following line:
  
  modify /sys db proxy.host value my.proxy.local
  
  When a signature update is needed, BIG-IP gets the IP-address of my.proxy.local from the local hostfile.
  
  You can also add the host my.proxy.local to the DNS server the BIG-IP uses for resolving. But you need to be the DNS administrator.
  
  Regards, Martijn
- Venkata_Naraya1
  Nimbostratus
  Aug 06, 2018
  Hi Martijn,
  
  Thanks for the information. Updating the local host file doesnt impact any production traffic, Am I right?
  
  Regards, Venkat
MvdG
Cirrus
Aug 03, 2018
Hi,

Have you tries to configure an IP-address?

If you must configure a hostname, the BIG-IP will look-up this hostname using the configured DNS servers. If you are the administrator of these DNS servers, just put an entry there for the hostname.

If you are not the administrator of these DNS servers, just add a static host entry on the BIG-IP.

System -> Configuration -> Device -> Hosts

Regards, Martijn.
- Venkata_Naraya1
  Nimbostratus
  Aug 06, 2018
  Hi Martijn,
  
  Sorry I didnt get you, in this case F5 must need an hostname for proxy to configure attack signature there is no way to just use the IP? because my proxy doesn't have an hostname. Kindly help me confirm.
  
  Regards, Venkat
- MvdG
  Cirrus
  Aug 06, 2018
  Hi Venkata,
  
  Go to System -> Configuration -> Device -> Hosts and add a static host(name) with the IP-address of your proxy server. You say your proxy server does not have a hostname, so you can use any host name you want. For example my.proxy.local.
  
  Then follow the procedure in article K8217 with the following line:
  
  modify /sys db proxy.host value my.proxy.local
  
  When a signature update is needed, BIG-IP gets the IP-address of my.proxy.local from the local hostfile.
  
  You can also add the host my.proxy.local to the DNS server the BIG-IP uses for resolving. But you need to be the DNS administrator.
  
  Regards, Martijn
- Venkata_Naraya1
  Nimbostratus
  Aug 06, 2018
  Hi Martijn,
  
  Thanks for the information. Updating the local host file doesnt impact any production traffic, Am I right?
  
  Regards, Venkat

Forum Discussion

F5 ASM Communication with https proxy IP

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

2025 Community MVP Announcement

Community at AppWorld 2025

DevCentral Community Guidelines

DevCentral Community Ranking Explained

Use F5 LTM as HTTP Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS