Configure the F5 BIG-IP as an Explicit Forward Web Proxy Using LTM

In a previous article, I provided a guide on using F5's Access Policy Manager (APM) and Secure Web Gateway (SWG) to provide forward web proxy services. While that guide was for organizations that are...
Updated Dec 08, 2022
Version 2.0
application delivery
LTM
security
MacOA's avatar
MacOA
Icon for Nimbostratus rankNimbostratus
Oct 25, 2023

So, I know this article is a bit old, but two questions:
1) If I have a 0.0.0.0/0 all port VS, it'll also match for any VS that has any other IP, but not that explicit port defined, correct?  Since the source of the forwarded traffic will be the F5 tunnel, could I just allow that as the range? I'd rather not "capture" traffic otherwise destined for a specific VIP/VS, but doesn't happen to have the port being requested defined for the other VSs.
2)In the case of lookups, we need if it's  not one of two specific domains, to just route to a specific pool as opposed to the wildcard IP forwarder. Today I do that successfully to the pool, but for all requests, including the two domains that when we switch proxy providers/applications those domains will fail so I'd like to handle those via the F5 forwader.
I appreciate anyone's thoughts. 
Tagging original author Steve_Lyons 

Thanks,

Pat Gasior