Configuring F5 SSL Orchestrator as an Outbound Layer 3 Transparent Proxy

Based on the number of inquiries around F5's SSL Orchestrator, I wanted to take a few moments to provide a how-to guide on deploying SSLO with an explicit forward web proxy in the inspection zone. Th...
Published Dec 26, 2018
Version 1.0
application delivery
BIG-IP
LTM
security
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Apr 02, 2019

Hi,

 

Great article. What I can't figure out is how to configure routing on external proxy.

 

My assumption is that:

 

  • Traffic from SSLO will go to External Proxy (EP) via VLAN ssloN_proxy_in (198.19.96.7/25)
  • EP IP is 198.19.96.66, port 3128
  • Traffic should return to SSLO via VLAN ssloN_proxy_outbound (198.19.96.245/25)

Based on that what default route should be set on EP? Should in point to 198.19.96.245?

 

If so I have to be missing something as all the time traffic is just reset by ssloS_explicit-D-0-t-4 that as far as I understand should process it and send to the Internet - or I am completely missing the point here?

 

Piotr