Forum Discussion
NimbostratusForward User Proxy Setup - LTM / F5 (without SWG)
Hi, trying to validate a solution:
Goal: 1) End-user goes to F5 VIP A.A.A.A () to download a PAC file using iFiles( validated and working using the https://devcentral.f5.com/codeshare/proxy-pacfile-hosting-without-need-for-webservers-using-ifiles-on-v11 configuration)
2) End-user gets VIP: A.A.A.A:8080 from downloaded PAC file as the proxy to use and starts using the F5 as forward proxy without ANY authentication or reporting required. The ONLY thing that is required is, when user goes via the A.A.A.A:8080 F5 must SNAT the user when exiting forward towards the firewalls (so it can come back from the Internet to the F5) (2 not tested)
For 2 I'm looking at a solution that refers to the use of SWG (https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-12-1-0/7.html)
Challenge: customer doesn't have SWG module/license. Is there EASIER way of doing this? iRule perhaps? Can I JUST use LTM to get this to work?
Diagram:
internal-user ---- f5 ----fw----Internet---google.com
Thanks for feedback!
1 Reply
If all they want to do is route traffic out the F5 they can set up a forwarding VIP.
K7595: Overview of IP forwarding virtual servers https://support.f5.com/csp/article/K7595
Yes, it’s an LTM virtual server with an HTTP explicit profile attached to it.
Configuration is similar to SWG on LTM side but you don’t attach any policy
