Forum Discussion

Kirimaya's avatar
Kirimaya
Icon for Nimbostratus rankNimbostratus
Aug 17, 2022

F5 SSL-O service chaining issue

Dear F5 Expert, I just implement SSL-O offload in Explicit proxy topologies and off-load SWG in explicit proxy mode. I found the issue detail as below. Security policy Catagorie lookup ALL (Pinne...
application delivery
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee

To be clear though, you CAN send TLS bypassed (encrypted) traffic to inline layer 2, inline layer3, and TAP services.

IanWijaya's avatar
IanWijaya
Icon for Nimbostratus rankNimbostratus
Dec 03, 2022

Hi Kevin,

Trying to send an encrypted traffic to the Proxy devices configured as L3 service, however the proxies change the source port, and seems the signalling doesn't match on SSLO. I can see a RST packet coming from SSLO after the proxy forward the request using different source port.

Any advice / workaround ?

Thanks,

Ian

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Dec 03, 2022

    Yes, configure the proxy device as an HTTP service, instead of inline L3. The signaling used for HTTP services is different so can handle the port change.

Related Content