Forum Discussion

Nimbostratus

Aug 15, 2014

SWG Evaluation

Hey There, We're evaluating the SWG module to see if it fits well in a consolidation piece we're looking to perform. So far the base configuration seems convoluted, when compared with other forw...

application delivery

BIG-IP Access Policy Manager (APM)

Yann_Desmarest_
Aug 19, 2014
In fact, you can do SSL interception with embedded certificates (ex: "default" for F5).

You have to make sure of two things : - the Certificate is trusted by users, - the certificate is able to sign child certificates (keyring).

Please find below two links : - generating certificates for SSL interception : http://communicationsfinance.com/wp-content/uploads/2013/04/SSL-Interception-on-Proxy-SG.pdf - Configuring SSL Forward Proxy on F5 : http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-5-1/16.htmlconceptid

Yann_Desmarest

Cirrus

Hi,

You have to use a keering certificate that is trusted (or its Issuer is trusted by users)

It's a special kind of certificate.

Yann

Son_of_Tom_1379

Nimbostratus

Aug 17, 2014

Thanks for that Yann, don't suppose you have anything more verbose? This is a certificate type I'm not familiar with. There is an internal PKI infrastructure which we may be able to leverage, I just find it hard to believe it's a requirement as products such as Symantec Web Gateway provide this functionality out of the box.

Forum Discussion

SWG Evaluation

Recent Discussions

Microsoft 365 IP Steering python script

F5 Application common issues

Is network access bypassing APM logon pages?

<apm_do_not_touch> in JS file failing</apm_do_not_touch>

Suddenly Can't access Login Box to F5 LTM Via SSH & GUI

Related Content

F5 Distributed Cloud Network Firewall Rule Evaluation and Packet Flow

Intermediate iRules: Evaluating Performance

iRule operator evaluation order OR/AND

Evaluate WAF Policy with BIG-IQ Policy Analyzer

big-iq stuck running evaluation task