Forum Discussion
SSL forward proxy on VE Lab License possible?
trying to configure SSL forward proxy functionality as described here:
https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-system-ssl-administration/implementing-ssl-forward-proxy-on-a-single-big-ip-system.html
doing this on a Lab VE and getting the message:
01260000:2: Profile /Common/clientssl-forward-proxy: Forward Proxy is enabled without a license.
which makes sense, the "SSL, Forward Proxy" is not in the Lab License. which is also mentioned here (from 2017): Forward explicit SSL proxy server | DevCentral but then again this licensed changed to be part of SSLO and / or SWG and sometimes things change on the VE lab license.
anyone encountered the same semi recently? any solution found or recent statement from F5 it isn't possible in VE Lab License?
I've got a BIG-IP VE Lab license (F5-BIG-VE-LAB-V18) and was able to create an SSL Forward Proxy without any issues (I remember testing this ~ 6 months ago). However, I had a customer at work with an iSeries BIG-IP and we had to purchase the SSLO addon license key to get SSL forward proxy to work (otherwise we received the same license error that you did).
Do you have "SSL Orchestrator, VE" listed as an active module when you run "show sys license"?
Below is output from my Lab VE when I run the command:root@(BIGIP-1)(cfg-sync In Sync)(Active)(/Common)(tmos)# show sys license Sys::License Licensed Version 17.1.1 Registration key <REDACTED> Licensed On 2024/11/27 Service Check Date 2024/11/27 Platform ID Z100 Daily Renewal Notification Days 5 Permitted Versions 5.*.* - 18.*.* Active Modules BIG-IP, VE, LAB (<REDACTED>) Rate Shaping External Interface and Network HSM, VE BIG-IP VE, Multicast Routing Routing Bundle, VE ASM, VE SSL, VE DNS VE Lab (10K QPS) Max Compression, VE Advanced Protocols, VE SSL Orchestrator, VE APM, Lab, VE AFM, VE (LAB ONLY - NO ROUTING) Exclusive Version, v12.1.X - 18.X Advanced Web Application Firewall, VE Lab DNSSEC PSM, VE VE, Carrier Grade NAT (AFM ONLY)
I've got a BIG-IP VE Lab license (F5-BIG-VE-LAB-V18) and was able to create an SSL Forward Proxy without any issues (I remember testing this ~ 6 months ago). However, I had a customer at work with an iSeries BIG-IP and we had to purchase the SSLO addon license key to get SSL forward proxy to work (otherwise we received the same license error that you did).
Do you have "SSL Orchestrator, VE" listed as an active module when you run "show sys license"?
Below is output from my Lab VE when I run the command:root@(BIGIP-1)(cfg-sync In Sync)(Active)(/Common)(tmos)# show sys license Sys::License Licensed Version 17.1.1 Registration key <REDACTED> Licensed On 2024/11/27 Service Check Date 2024/11/27 Platform ID Z100 Daily Renewal Notification Days 5 Permitted Versions 5.*.* - 18.*.* Active Modules BIG-IP, VE, LAB (<REDACTED>) Rate Shaping External Interface and Network HSM, VE BIG-IP VE, Multicast Routing Routing Bundle, VE ASM, VE SSL, VE DNS VE Lab (10K QPS) Max Compression, VE Advanced Protocols, VE SSL Orchestrator, VE APM, Lab, VE AFM, VE (LAB ONLY - NO ROUTING) Exclusive Version, v12.1.X - 18.X Advanced Web Application Firewall, VE Lab DNSSEC PSM, VE VE, Carrier Grade NAT (AFM ONLY)
thanks Michael, you pointed me in the right direction. i wasn't using a VE Lab License as i thought. trying to see if i can get one working to double check what you found.
Yep, with an actual LAB-V18 license no errors, checking traffic will come later, but this is most likely it. Thank you Michael.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com