Forum Discussion
NimbostratusIs there any way to decrypt internet traffic coming from users internal
We have an F5, load balancing outbound traffic. Is there anyway to get the http[host] for https traffic? We are planning to have certain URL to be directed to one ISP,but i'm worried if users are accessing https sites.
4 Replies
PeteWhiteEmployee
The short answer is yes - but you have to use the SSL forward proxy feature. Put simply, this means that you install a certificate on the client machine and use that certificate on the F5 outgoing virtual server. The F5 can then have two tunnels - one from client to F5 and one from F5 to the website. You can then apply per-request policies or do any other checking that you want to do.
Spidey_29396Hi Pete,
Thank you for the reply.This is corporate users accessing the internet. What kind of certificate will be used for client to F5? We can't afford to install certificates on 1000+ users.
- PeteWhite
So you install a CA certificate on the client. It's a feature in the SWG (secure web gateway) APM module - more information here https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-12-1-0/7.htmlconceptid
- Spidey_29396
Many thanks Pete!
