F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

OCSP through an outbound explicit proxy

Hey DC community, Kevin Stewart here with a fun little project I'd like to share. There have been countless questions about this over the years: how to pass LTM or APM OCSP requests through an out...

Published Dec 05, 2017

Version 1.0

BIG-IP Access Policy Manager (APM)

Employee

Joined March 16, 2006

View Profile

thegeneralmills

Nimbostratus

Apr 09, 2019

Thanks for putting this together. We used part of this method to support some F5s that are out in a PoP where we were not planning on adding SNAT capabilities to the access our OCSP stapling endpoint, it did, however, have access to a data center that did have SNAT enabled. We took the "Proxy iRule" you created and applied it to a Virtual Server in the RFC1918 space with a Pool that consisted of the DNS record of our OCSP stapling endpoint. SNAT from the data center works like a champ, and we didn't have to find a different work around to solve this issue.

Thanks a bunch, very helpful and informative!

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

OCSP through an outbound explicit proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS