Forum Discussion
NimbostratusSSL Proxy in version 11.3
Is the new SSL Proxy feature in 11.3 the same as SSL bridging or am I missing something?
The 11.3 implementations guides states the following:
"With the BIG-IP® system's SSL forward proxy functionality, you can encrypt all traffic between a client
and the BIG-IP system, by using one certificate, and to encrypt all traffic between the BIG-IP system and
the server, by using a different certificate. SSL forward proxy functionality supports the Server Name
Indication (SNI) extension to Transport Layer Security (TLS)."
5 Replies
nitass_89166Noctilucent
i understand "ssl forward proxy" is to allow bigip to decrypt outbound ssl traffic, so bigip can perform whatever action we want.
- Jo_31162Hi nitass, always for outbound traffic, is it possible to use "ssl forward proxy" feature if we have another proxy before our f5? Can we have any problems with requested certificate exchange? Traffic flow: internal client-->customer proxy-->f5-->internet Thanks in advance, Rgds
- nitass
Employee
i understand "ssl forward proxy" is to allow bigip to decrypt outbound ssl traffic, so bigip can perform whatever action we want.
- Jo_31162Hi nitass, always for outbound traffic, is it possible to use "ssl forward proxy" feature if we have another proxy before our f5? Can we have any problems with requested certificate exchange? Traffic flow: internal client-->customer proxy-->f5-->internet Thanks in advance, Rgds
- Kevin_StewartNitass is correct. The SSL proxy feature in 11.3 is for forward proxy. Not to be confused with ProxySSL which is for reverse proxy. That said, SSL forward proxy is a form of SSL bridging, it just requires a slightly different configuration than normal reverse proxy SSL bridging.
