Forum Discussion

Cirrus

Jan 03, 2023

Solved

SSL PROXY

I am looking at the SSL Proxy feature to see how it works and if there is possible benefits. I have gotten it to the point where the traffic is getting through and negotiation is "working". I have...

application delivery

cloud

security

Mohamed_Ahmed_Kansoh
Jan 04, 2023
Hi sgnormo ,
maybe you have missed some configuration for ssl proxy feature , I understood from Pcap snapshot that F5 could not validate destination server certificate to pass it to the client , so as a result of this error in ssl sequance ( Specially regarding to ssl Proxy deployments ) F5 send RST packets to close ssl connection , so I see that F5 Resets the destination server (First RST) and the client as well ( Second RST ).

So , I susbect that , there are missing configuraton regarding ssl proxy or a certificate mismatch between F5 and destination server .
For that reason , Please follow this KB well to configure and build ssl proxy correctly :

https://support.f5.com/csp/article/K13385

Also take a look in this Article :

https://support.f5.com/csp/article/K13393

Mohamed_Ahmed_Kansoh

MVP

Jan 04, 2023

Hi sgnormo ,
maybe you have missed some configuration for ssl proxy feature , I understood from Pcap snapshot that F5 could not validate destination server certificate to pass it to the client , so as a result of this error in ssl sequance ( Specially regarding to ssl Proxy deployments ) F5 send RST packets to close ssl connection , so I see that F5 Resets the destination server (First RST) and the client as well ( Second RST ).

So , I susbect that , there are missing configuraton regarding ssl proxy or a certificate mismatch between F5 and destination server .
For that reason , Please follow this KB well to configure and build ssl proxy correctly :

https://support.f5.com/csp/article/K13385

Also take a look in this Article :

https://support.f5.com/csp/article/K13393

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL PROXY

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

Dump all host running services during APM logon

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

HA Failover between two Datacenters

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL Orchestrator Advanced Use Cases: Integrating SOCKS Proxy

How Proxy SSL works on BIG-IP

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy

SSL Forward Proxy Explained using Wireshark

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS