Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

kazuma's avatar
kazuma
Icon for Nimbostratus rankNimbostratus
Oct 19, 2022

How To Proxy / Tunnel External URLs Through F5

Hello, I'm looking to essentially tunnel web requests for a select few external URLs through an F5, and I'm having trouble getting it working. I've created a FQDN node, for an external domain which...
cloud
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 19, 2022

Is there TLS involved here? Is the internal VIP supposed be encrypted and have a client SSL profile? Is the external site encrypted?

kazuma's avatar
kazuma
Icon for Nimbostratus rankNimbostratus
Oct 19, 2022

Hi Kevin,

Yes, the external site is encrypted, as well as the connection to the internal VIP. 

I have a certificate associated with the client SSL profile which matches the internal.com DNS name pointing to the VIP, as well as the server SSL profile set to use serverssl, which I think just leverages the external.com server's certificate when brokering the connection?

Thanks!

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 19, 2022

    Try taking off the client and server SSL profiles. A browser wil through an error because of the cert mismatch, so you'll probably want to test with Curl. If you can get to the site this way, then there's likely an issue in the server side SSL handshake.

    If you still can't get to the site, check that traffic is leaving the BIG-IP to the intended destination. YOu can also try to Curl directly from the BIG-IP to see if the box can even get there.