Hello Friends, How can we check proxy configuration on F5 LTM.

Question

I want to configure proxy on my F5 LTM box for security signature update. Could someone help me to verify the proxy configuration on F5 LTM.&nbsp;

piotrek_72347 · Answer

You can configure the system to use an HTTPS proxy, which allows an administrator to configure the BIG-IP ASM system to update attack signatures securely and automatically. To do so, perform one of the following procedures:&nbsp;
Note: The BIG-IP system does not use the configured proxy address when attempting to contact the licensing server to download a new license. If the Service Check Date is not within 18 months of the system date and the BIG-IP system is unable to contact the licensing server, you must manually reactivate the license and then update the attack signatures.&nbsp;
Configuring signature file updates through and HTTPS proxy in BIG-IP ASM 12.0.0 and later&nbsp;
Beginning in BIG-IP ASM 12.0.0, you can configure the system to use an HTTPS proxy through the use of BigDB database keys. Configuring the proxy settings by manually modifying the services.ini file is no longer used. To do so, perform the following procedure:&nbsp;
Log in to the TMOS Shell (tmsh) by typing the following command:
tmsh&nbsp;
To set the destination proxy server, use the following command syntax :
modify /sys db proxy.host value &nbsp;
&nbsp;In this command, note the following:&nbsp;
 is the destination proxy hostname.
To set the destination proxy server port, use the following command syntax:
modify /sys db proxy.port value &nbsp;
&nbsp;In this command, note the following:&nbsp;
 is the numeric port value of your proxy host.
To set the destination proxy server protocol, use the following command syntax:
modify /sys db proxy.protocol value &nbsp;
&nbsp;In this command, note the following:  is http or https.&nbsp;
&nbsp;To set the destination proxy server username, use the following command syntax:
modify /sys db proxy.username value &nbsp;
&nbsp;In this command, note the following:&nbsp;
 is the username for authentication to the proxy server.
To set the destination proxy server username password, use the following command syntax:
modify /sys db proxy.password value &nbsp;
&nbsp;In this command, note the following:&nbsp;
 is the username password when authenticating to the proxy server.
Exit tmsh by typing the following command:
quit&nbsp;
&nbsp;Configuring signature file updates through a proxy in BIG-IP ASM versions prior to 12.0.0&nbsp;
For BIG-IP ASM versions prior to 12.0.0, you can configure the system to use an HTTPS proxy by editing the services.ini file. To do so, perform the following procedure:&nbsp;
Log in to the BIG-IP ASM command line.
TO change directories to the /ts/etc/ directory, type the following command:
cd /ts/etc/&nbsp;
To create a backup of the services.ini file, type the following command:
cp services.ini /var/tmp/services.ini.bak&nbsp;
Use a text editor to edit the services.ini file.
Add the following section to the end of the file:
[proxy]
https_proxy=https://:&nbsp;
&nbsp;For example:&nbsp;
[proxy]
https_proxy=https://172.16.10.100:33750&nbsp;
Note: Configuration of the https_proxy is sensitive to whitespace. Before saving any configuration changes, ensure that there are no whitespace characters around the "=" and no trailing whitespace characters after the IP:Port definition.&nbsp;
Save the changes you made to the services.ini file.
Note: You must manually make this change on both systems in redundant pair configurations. The system does not copy the services.ini file to the peer system during configuration synchronization (ConfigSync) operations.&nbsp;

Forum Discussion

Hello Friends, How can we check proxy configuration on F5 LTM.

1 Reply

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

TCPDUMP in BigIP for traffic coming from distrbuited cloud.

Catch Dynamic CRL Errors and Return Friendly Page

Bot Defense causing a lot of false positives

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Adding my Product and support to bigF5 account

Related Content

Managing iRules configuration

wccp configuration for SSL Orchestrator

F5 BIG-IP Advanced WAF – DOS profile configuration options.

APM Configuration to Support Duo MFA using iRule

Virtual-wire Configuration and Troubleshooting

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS