For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

writemike's avatar
writemike
Icon for Nimbostratus rankNimbostratus
Feb 05, 2014

Using APM SSL/VPN on a network with a Proxy using SSL Interception

We have an APM implementation using SSL/VPN with the Edge Client on our employees laptops. Could our employees connect to our APM SSL/VPN on a network with a Proxy using SSL Interception, assuming th...
BIG-IP Access Policy Manager (APM)
design
management
security
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Feb 06, 2014

It won't work for Citrix apps. For the Citrix Receiver to work, the cert has to match... For good reasons.

 

I'm not aware of any client-side checks that would verify the SSL certificate being used... Which is a bit of a shame since the client-side checks include things like spyware and snooping for peer-2-peer software installed... If there was a session variable that was set for the server cert you could possibly create a macro to check it... But you'd need to do this BEFORE the login page was presented (Or you're giving away the password info already). Looking at the session variable for a new connection not yet logged in, I don't see anything obvious...

 

Personally if someone was doing SSL interception on the Wifi, I would get my iPhone out and tether it. Deliberately breaking security is no security.

 

H