Forum Discussion

Draven_186334's avatar
Draven_186334
Icon for Altocumulus rankAltocumulus
Oct 10, 2018

SWG use a iRule to set SSL Server SSL profile for different internet base websites

Hello,

 

Using F5 SWG explict proxy, I need to set an irule to set the "SSL::cert mode ignore" for a few websites eg news.com as the full certificate chain is not being delivered to the F5 proxy. Any advice?

 

iRules
Secure Web Gateway
security
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 10, 2018

    For a pure SWG explicit (SSL) forward proxy implementation, you could simply do something like this:

    when SERVERSSL_SERVERHELLO {
    SSL::cert mode ignore
}

    You could also enable/disable this function by matching against the incoming SNI from the Client Hello.