Forum Discussion
AltostratusProxy LAN to WAN help needed!!
Hello,
We've recently purchased a SaaS service to support our development team better. This solution is an agent based solution that makes https calls out to the Azure Services in the cloud. We have a few requirements for this that I am running into issues: 1. The LTM must proxy all the traffic 2. I need to use SSL Bridging (re-encrypt traffic to servers) 3. The internal DNS needs to be rewritten to an external URL
The problem I am experiencing is the DNS internally will not work with the external services. So if I have an agent that is calling to "https://my-vip.com" then it needs to be redirected and forwarded to "https://externalsite.com"
Also, the SSL Certificate we are using on the front-end differs from their public SaaS cloud, so I'm not even sure they will be able to read our traffic.
Any thoughts?
1 Reply
Michael_JenkinsCirrostratus
It seems that you can create a pool and virtual server that can access an external resource
for example, you could setup a pool using a node for (the node will create it using the IP address, so that may be good/bad depending on what your requirements are). Then create a virtual server to use that pool and use both a client and server ssl profile. If you were to need to make any changes to the host name or anything else, you could use an iRule to make the necessary modifications to the request.
Concerning the certificate. If you're using a different host name than the cloud, you'll likely need a client sert on the F5 using that host name. The server cert (i tested serverssl-insecure-compatible) will work with the backend. I'm not an expert on certificates by any stretch, so I can't tell you if that would open up potential security concerns, but from my test, it at least worked for me. If you're using the same host name, you would still need a valid cert on the F5 (perhaps use a self-signed cert for that piece) since you need a cert and private key for the things to work right.
