For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bdavis's avatar
bdavis
Icon for Nimbostratus rankNimbostratus
Jan 25, 2019

SSLi/SWG Transparent Proxy w/ Kerberos Auth

We have been testing out SSLi w/SWG Transparent deployment to replace our existing proxy technology. The issue we have ran into is that the SSL bypass feature that is built into the SWG per-request-p...
application delivery
iRules
Secure Web Gateway
security
AceDawg1's avatar
AceDawg1
Icon for Nimbostratus rankNimbostratus
Jan 27, 2019

Hi Brett,

 

I have done a good deal of work on SSLi on a Viprion (transparent proxy, NTLM and Kerberos auth via HTTP 401, etc.). Are you performing bypass to support mutual SSL authentication (e.g. client SSL certs) or for category (financials, government, healthcare) based bypass? SWG should handle the latter (categorization) but I believe you have to have the proper licensing for this functionality.

 

I had some challenges getting domain based bypass to work. IP address (source and destination) worked fine. The F5 should not be establishing communications with the destination server if bypass is enabled. Where are you seeing this behavior?