Forum Discussion
bdavis
Nimbostratus
NimbostratusSSLi/SWG Transparent Proxy w/ Kerberos Auth
We have been testing out SSLi w/SWG Transparent deployment to replace our existing proxy technology. The issue we have ran into is that the SSL bypass feature that is built into the SWG per-request-p...
AceDawg1Nimbostratus
NimbostratusHi Brett,
I have done a good deal of work on SSLi on a Viprion (transparent proxy, NTLM and Kerberos auth via HTTP 401, etc.). Are you performing bypass to support mutual SSL authentication (e.g. client SSL certs) or for category (financials, government, healthcare) based bypass? SWG should handle the latter (categorization) but I believe you have to have the proper licensing for this functionality.
I had some challenges getting domain based bypass to work. IP address (source and destination) worked fine. The F5 should not be establishing communications with the destination server if bypass is enabled. Where are you seeing this behavior?
