F5 Proxy termination

Question

Hi, 
I have Entrust certificate that is installed on web Server and also import same certificate to F5 Reverse Proxy. my question is when internet traffic terminate at F5 proxy do i need to take special consideration to initiate again secure/encrypted communication between F5 proxy to web server, having a assumption during termination and re-initiate the new session will not change in source packet&nbsp;
URL --&gt;F5 Reverse Proxy (Traffic terminate)--&gt; new session initiate without changing source packet --&gt; webserver (Same Certificate installed that was used by F5 Proxy)  
&nbsp;
thanks&nbsp;

raz_9876_111111 · Answer

In other word i want end to end encryption&nbsp;

leonardo_souza · Answer

You need a clientssl profile with the certificate and private key, to handle the encryption between the client and the F5 device.
Then you just need the default serverssl profile, so the traffic is sent encrypted from the F5 to the server.&nbsp;
Unless you are validating the client (in this case F5) when talking with the server, the default serverssl profile is ok.&nbsp;

johnbernardcheu · Answer

It seems that you are looking to setup the LTM to proxy ssl. Check out this link: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-4-0/15.html&nbsp;
Be aware that ephemeral keys are not supported, the need for possible persistence and security considerations.  Thanks!  &nbsp;

Forum Discussion

F5 Proxy termination

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

ADFS Proxy Replacement on F5 BIG-IP

Use F5 LTM as HTTP Proxy

Introducing App Proxies for F5 Silverline

Proxy Protocol v2 Initiator

AI Friday Episode 3: Snowstorms, Truth Terminal, MCP & AGI Insights

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS