Forum Discussion
NimbostratusHow build a proxy like setup using BIG-IP
Hi all,
I am looking for the best (simplest) way to implement the following:
Client - - - > F5 VIP - - - > Single server on Internet HTTP HTTPS
This look really close to a proxy setup except that the SSL session (HTTPS) only exist between F5 and server.
My first idea was to build a standard VIP with the default server-ssl profile and just put a single node in the pool (the internet node).
The follwing links give solution on the proxy way but I don't feel this is really what I need
https://devcentral.f5.com/questions/ltm-apm-as-a-web-proxy
https://devcentral.f5.com/wiki/irules.HTTP-Forward-Proxy-v3-2.ashx
https://devcentral.f5.com/wiki/iApp.Generic-Forward-Proxy-with-Websense-Filtering-iApp.ashx
Can you give any advices on best way to acheive what I want?
Fabou
2 Replies
shopkeeper56_23Cirrostratus
Hi Fabou,
You can configure the Big IP to be an explicit proxy and perform SSL inspection via LTM. This means that the client SSL terminates on the Big IP and and "airgap" is created between the SSL of the client and the end server, since the Big IP will create another SSL connection to the external site. I recommend however that you do this in conjunction with the SWG (Secure Web Gateway) URL DB so not to inspect clients private information (financial, health etc.).
F5 has thorough documentation on how to set this up here.
https://www.f5.com/pdf/deployment-guides/ssl-intercept-dg.pdf
Fabou_139732Thanks for your answer. I will keep this in mind. Also please note that my case client to F5 is HTTP then I want F5 to servers be HTTPS.
