F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Tom_92667's avatar
Tom_92667
Icon for Nimbostratus rankNimbostratus
Sep 23, 2014

Proxy for encrypted TCP socket connection

Hello - we have made great use of the codeshare examples including extensive use of the HTTP Forward Proxy - v3.2 irule and I see that there are also proxy irule examples for ftp, smtp, ldap and mysql. Is there a way using an proxy irule or perhaps a forwarding virtual server to be able to use the f5 to forward an encrypted TCP socket connection from behind our f5 to an external site ? We currently have this working using a squid proxy server using PREROUTING, POSTROUTING, DNAT and SNAT iptables rules but would prefer using the f5. Can the f5 be configured to behave like the squid proxy server ?

 

application delivery
devops
iRules
LTM

2 Replies

  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Sep 24, 2014

    Hello Tom, do you mean you want to do TCP session forwarding to a fqdn host which should be resolved by BIG-IP ? 11.6 allows you to specify fqdn pool members with resolution done by BIG-IP. That could solve you issue without touching irule.

     

  • Amit_Karnik's avatar
    Amit_Karnik
    Icon for Nimbostratus rankNimbostratus
    Oct 23, 2014

    Is the SNAT IP on a different subnet for which the server does not have a route back ?

     

    Can you add a tcp monitor on the pool and check if the member shows up ? If it does, try setting the snat to Automap.