Forum Discussion

Nimbostratus

Jun 24, 2014

LTM: Proxy Aware?

We use our LTMS to do SSL Authentication via OCSP to various external OCSP responders (Verisign, Entrust, etc). However, i have been tasked with moving our LTMS behind a proxy firewall and cannot fi...

Nimbostratus

Aug 20, 2014

This is the config i have:
-----list ltm virtual Firewall--------
        modify virtual Firewall {
            destination 172.16.155.10:http
            ip-protocol tcp
            mask 255.255.255.255
            pool FirewallPool
            profiles replace-all-with {
                http { }
                tcp { }
            }
            rules {
                NON_Aware
            }
            snat automap
            translate-port disabled
            vlans-disabled
        }
------list ltm pool FirewallPool-------
        modify pool FirewallPool {
            members replace-all-with {
                FirewallPrimary:http {
                    address 10.1.2.210
                }
            }
            monitor gateway_icmp
        }
------list ltm rule non-aware-proxy------
        when SERVER_CONNECTED {
              set bypass 0
              serverside {TCP::respond "CONNECT www.cnn.com:[TCP::server_port] HTTP/1.0\r\n\r\n"}
              TCP::collect
         }
         when SERVER_DATA {
              if { $bypass eq 1 } {
                      TCP::release
                      return
              }
              if { [TCP::payload] starts_with "HTTP/1.1 200" } {
                      TCP::payload replace 0 [TCP::payload length] ""
                      TCP::release
                      set bypass 1
              } else {
                      TCP::close
              }

         }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)