Forum Discussion

asaleh2222_3098
Nov 05, 2017

F5 load balancing transparent proxies (IronPort) problem

users ------> F5 -------> transparent proxies (IronPort)

I need to load balance 2 transparent proxies using F5. I made a wildcard virtual server 0.0.0.0 with specific port 443. I put an iRule for X-forward to include the client IP, and I use the persistence profile Destination address affinity. F5 already load balances traffic to one of the transparent proxies, but there is no response from the proxy to F5 and the page is down. Kindly advise?

Thanks

 

5 Replies

  • Why are you trying to insert an X-Forwarded-For header into the client request?

     

    Are you using a SNAT on your forwarding virtual?

     

    Do you have a client/server SSL profile on your VIP?

     

    If not, then you cannot insert an X-Forwarded-For header into the request - you can only do that with unencrypted traffic.

     

    Are your proxies performing HTTPS passthrough (maybe inspecting SNI headers or reverse DNS lookup) or are they MITM SSL inspection devices?

     

  • asaleh2222, S Blakely asks four questions and you give one answer that doesn't seem to relate to any of his questions. Please answer the questions and provide some more of your config.

     

  • I am not using a forwarding virtual server and not using SNAT. I am using a Standard virtual server with auto map. I am not using a client/server SSL profile on your VIP. The proxy performs HTTPS passthrough.

     

  • Then you cannot apply an HTTP profile, or insert an X-Forwarded-For header. The traffic passing across the F5 is encrypted, so it cannot be examined or modified. If you use SNAT automap you will not see the client IP address at the proxies. If you remove the automap you have to set a route on your proxies to return client IP traffic to the F5. You can load balance the connections using the transparent proxies as members in a gateway pool, with destination IP persistence.

     

    I hope this is helpful.
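
The layout described in the last reply, written out as a BIG-IP configuration (an added example, not part of the thread and not any poster's actual config). The object names `transparent_proxy_pool` and `vs_outbound_443` and the proxy addresses are constructed placeholders; it assumes the proxies are on a directly connected VLAN and that the built-in `fastL4`, `dest_addr` and `gateway_icmp` objects are used unmodified.

```tmsh
# Gateway pool: the two transparent proxies as next hops.
# Member port 0 (any) because the BIG-IP forwards the original packet
# to the proxy instead of connecting to a service on it.
# 192.0.2.11 / 192.0.2.12 are placeholder addresses.
ltm pool transparent_proxy_pool {
    members {
        192.0.2.11:0 { address 192.0.2.11 }
        192.0.2.12:0 { address 192.0.2.12 }
    }
    monitor gateway_icmp
}

# Wildcard virtual server for outbound HTTPS.
ltm virtual vs_outbound_443 {
    destination 0.0.0.0:443
    mask any
    ip-protocol tcp
    # Layer 4 only: no HTTP profile and no X-Forwarded-For iRule,
    # because the TLS payload cannot be read or modified in passthrough.
    profiles {
        fastL4 { }
    }
    pool transparent_proxy_pool
    # Destination address affinity: the same destination IP keeps
    # going to the same proxy.
    persist {
        dest_addr { default yes }
    }
    # Keep the original destination IP and port so the proxy can
    # intercept the flow transparently.
    translate-address disabled
    translate-port disabled
    # No SNAT automap, so the proxies see the real client IP.
    source-address-translation {
        type none
    }
}

# Outside this file, on each proxy: add a route for the client subnets
# that points back at the BIG-IP self IP, otherwise return traffic
# bypasses the BIG-IP and the connection fails.
```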