Forum Discussion
SSL Bridging verification
- Sep 19, 2023
socvirgin23 The best way to verify this is to perform a tcpdump for the virtual server in question. You can be 99% certain that if you have SSL termination on the F5 and then re-encrypting when you send it to the pool member then that is what the F5 is doing. You should be able to use the following tcpdump on the F5 to save the capture and then open it up in wireshark and verify that the traffic is indeed encrypted.
tcpdump -nni 0.0:nnp <virtual_server_IP> -w /shared/tmp/mycap.pcap
The capture above will save itself to /shared/tmp/ as filename mycap.pcap so once you end the tcpdump that file should have all the data that you're looking for, provided that you tested that specific virtual server when you had the capture running. You should see two connection one between the client and the F5 and then another between the F5 and the pool member. You can track the tcp connection by looking for the ephemeral port that the client used because the F5 does its best to reuse that ephemeral port between itself and the pool member when forming that side of the tcp connection.
Can you explain your setup here?
Are you running APM so the f5 is your RDP Gateway or is this a different solution?
If you are doing decryption and encryption on the f5 there will be logs for that.
Also tls is part of the layers 4- and above, so you should be able to see that there is a certificate in the traffic flow but it depends on how you are setup.
Hi PSFletchTheTek,
No APM on the F5 it is just LTM. I have 2 virtual servers one configured for SSL Passthrough and the new test virtual server configured for SSL Bridging. The RDP Gateways are pool members and sit behind the F5's.
Inbound RDP traffic from the internet hits the external Palo Alto firewall public ip and then gets NAT'd to the internal ip address of the virtual server on the F5. The Palo NAT rule currently points to the new test Virtual Server. The F5 then load balances the RDP traffic to the RDP Gateways.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com