jba3126
Jul 10, 2019

Monitoring through a Secure Web Gateway using NTLM and Trusted CA

I'm working to load balance two Bluecoat SWG Proxies. At the moment I'm good with the load method, albeit I'm curious if anyone has had any luck with SNAT and enabling X-Forwarded-For or equivalent. I'd like to mesh the two, which creates return routing complications without the use of SNAT. When I run the following cURL command it works like a charm. The challenge is that when I set up the equivalent HTTPS monitor I don't see it trying to connect to the proxy first; rather, I see the traditional SSL Client Hello and the proxy sends a FIN, which makes sense because it didn't attempt a CONNECT method and authorize the connection before setting up SSL.

 

cURL Command:

curl -v -I -x https://username:password@10.10.10.18:4438 --proxy-ntlm https://www.google.com --cacert CA-Int-Trusted.pem

 

I need to be able to translate this into an HTTPS monitor without having to resort to an external monitoring script that has a username and password in clear text, as found in some of the posts on the same topic (see below).

 

 https://devcentral.f5.com/s/feed/0D51T00006i7XIKSA2

 

/jeff
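
The exchange described in the post above (CONNECT and proxy authorization before any TLS handshake with the destination), sketched as an added example that is not part of the original post and is not F5 or proxy-vendor code. The function names, state labels and sample replies are constructed for illustration; TLS to the proxy itself and computing the NTLM responses are outside its scope.

```python
import base64

def build_connect(host, port=443):
    """CONNECT request a proxy-aware probe sends before any TLS to the origin."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def classify_connect_reply(raw):
    """Map the proxy's reply to CONNECT onto a probe state (labels are this example's own)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"              # empty read (FIN) or TLS alert bytes
    status = int(parts[1])
    if 200 <= status < 300:
        return "tunnel-open"           # TLS with the origin can now start inside the tunnel
    if status != 407:
        return f"refused-{status}"
    offers = [l.split(":", 1)[1].strip() for l in lines[1:]
              if l.lower().startswith("proxy-authenticate:")]
    for offer in offers:               # one header per offered scheme
        scheme, _, token = offer.partition(" ")
        if scheme.upper() != "NTLM":
            continue
        if not token:
            return "ntlm-offered"      # proxy invites the client to start NTLM
        try:
            msg = base64.b64decode(token, validate=True)
        except ValueError:
            return "ntlm-malformed"
        # NTLM messages begin "NTLMSSP\0" + little-endian type; type 2 is the challenge.
        if msg[:8] == b"NTLMSSP\x00" and int.from_bytes(msg[8:12], "little") == 2:
            return "ntlm-challenge"    # client must answer with its authenticate message
        return "ntlm-malformed"
    return "auth-required-other"

# Constructed sample replies, not captured from a real proxy.
TYPE2 = base64.b64encode(b"NTLMSSP\x00" + (2).to_bytes(4, "little") + bytes(36)).decode()
SAMPLES = {
    "offer": b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: Basic realm=\"proxy\"\r\nProxy-Authenticate: NTLM\r\n\r\n",
    "challenge": f"HTTP/1.1 407 Proxy Authentication Required\r\n"
                 f"Proxy-Authenticate: NTLM {TYPE2}\r\n\r\n".encode("ascii"),
    "open": b"HTTP/1.1 200 Connection established\r\n\r\n",
    "tls_alert": b"\x15\x03\x03\x00\x02\x02\x28",
}
for name, raw in SAMPLES.items():
    print(name, "->", classify_connect_reply(raw))
```

A reply classified as "ntlm-offered" already shows the proxy is up and answering CONNECT without the probe holding any credentials.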

 
