Forum Discussion

Marvin_129795's avatar
Marvin_129795
Icon for Nimbostratus rankNimbostratus
Sep 24, 2015

SSL forward proxy integration with FireEye to inspect HTTPS

We are trying to integrate F5 with FireEye to be able to inspect HTTPS traffic with the FireEye NX solution.   We started off by creating a simple SSL forward proxy setup to verify the SSL proxy f...
application delivery
clientside encryption
forward proxy
LTM
ssl
Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Oct 12, 2015

Update on the original test;

 

Considerations Some applications do not work when SSL interception is enabled like Skype. It is needed to have a full list of host names, IP destination of traffic that cannot be decrypted and has to be excluded. SSL forward proxy only works if clients default gateway is self IP of F5. If external gateway is used all traffic is not being intercepted or matched by the virtual servers. SNAT has to be enabled otherwise connections are not being established. Downside is that FireEye is unable to see the original source IP address. Perhaps HTTP header X-forwarded-for will solve this.

 

It is not needed to configure the F5 as the gateway when we have a Vlan group configured as a tranparent layer 2 setup. Also it is not needed to translate the original IP.