F5 load balancing transparent proxys (iron port) problem

Question

users   ------&gt;  F5  -------&gt; transparent proxys (iron port) 
I need to load balance 2 transparent proxy using F5
I made wild card virtual server 0.0.0.0 with specific port 443 
I put irule for X-forward to include client IP
And i use presistance profile Destination address affinity 
F5 already load balance traffic to one of transparent proxy 
But there is no response from proxy to F5
and page down
Kindly advice?
Thanks&nbsp;

simon_blakely · Answer

Why are you trying to insert an X-Forwarded-For header into the client request?&nbsp;
Are you using a SNAT on your forwarding virtual?&nbsp;
Do you have a client/server SSL profile on your VIP?&nbsp;
If not, then you cannot insert an X-Forwarded-For header into the request - you can only do that with unencrypted traffic.&nbsp;
Are your proxies performing HTTPS passthrough (maybe inspecting SNI headers or reverse DNS lookup) or are they MITM SSL inspection devices?&nbsp;

asaleh2222_3098 · Answer

I need http profile for transparent proxy&nbsp;

boneyard · Answer

asaleh2222 S Blakely asks four questions and you give one answer that doesn't seem to relate to any of his questions. please answer the questions and provide some more of your config.&nbsp;

asaleh2222_3098 · Answer

I am not using forwarding virtual server and not using SNAT 
I am using Standard virtual server with auto map
I am not using client/server SSL profile on your VIP
Proxy performs HTTPS passthrough&nbsp;

simon_blakely · Answer

Then you cannot apply a http profile, or insert an X-Forwarded-For header. The traffic passing across the F5 is encrypted, so it cannot be examined or modified. If you use SNAT automap you will not see the client ip address at the proxies. If you remove the automap you have to set a route on your proxies to return client ip traffic to the F5. You can loadbalance the connections using the transparent proxies as members in a gateway pool, with destination ip persistence.&nbsp;
I hope this is helpful.&nbsp;

Forum Discussion

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5