For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hai1001_138479's avatar
hai1001_138479
Icon for Nimbostratus rankNimbostratus
Apr 21, 2014

Getting client original source IP for SSL/TLS session terminated by the servers to perform authentication and authorization, not F5

Is it correct that if I use Proxy SSL feature for both client and server profiles in the virtual server, I will get the client original source IP for all SSL/TLS sessions handled by the back-end serv...
application delivery
BIG-IP Access Policy Manager (APM)
design
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 21, 2014

If I configure F5's internal self-IP as the servers' default gateway, can F5 be functioning as the router forwarding the package to the true default router if the server's package is not originated from F5?

 

Forwarding and routing responses are two different things. At a minimum, you'd need to tell the server to route back through the F5 for any requests it received from the F5, and you can do that by setting the server's default route as the F5's internal self-IP. For that same server to be able to access the world through the F5, for traffic originating at the server, you'd need to also create an internal forwarding VIP (IP forwarding - 0.0.0.0/0:0 - SNAT outbound as required), and then apply a default route on the F5 that points to the true outbound router.