Nikoolayy1
Mar 21, 2021

F5 ASM/WAF in a transparent bridge Reverse Proxy mode

I think that this is good to know. Many WAF vendors nowadays say things like Reverse Proxy/WAF in transparent bridge mode and say that only a few other vendors can do it. The F5 device VIP with a destination host IP is considered an explicit Reverse Proxy because the F5 changes the destination IP, so that it matches the pool member. If we just disable the address translation and use a wildcard VIP, we have the so-called transparent Reverse Proxy/WAF, and F5 can do this from version 11 :)

Here is the article:

https://support.f5.com/csp/article/K15099
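
The distinction drawn in the post above, as an added example (not code from the post or from F5): a small audit that reads `ltm virtual` stanzas from a `bigip.conf`-style export and labels each one explicit (host destination, address translation on) or transparent (wildcard destination, address translation off). The stanza layout, the `0.0.0.0`/`any` wildcard spelling, and the "missing key means enabled" default are assumptions; the sample configuration is constructed.

```python
import re

# Constructed sample in bigip.conf style; names and addresses are made up.
SAMPLE_CONF = """\
ltm virtual /Common/vs_explicit {
    destination /Common/192.0.2.10:443
    translate-address enabled
}
ltm virtual /Common/vs_transparent {
    destination /Common/0.0.0.0:80
    mask any
    translate-address disabled
}
ltm virtual /Common/vs_mixed {
    destination /Common/0.0.0.0:443
    mask any
    translate-address enabled
}
"""

# A stanza ends at the first closing brace in column 0; nested blocks are indented.
VIRTUAL_RE = re.compile(r"^ltm virtual (\S+) \{\n(.*?)^\}", re.M | re.S)

def parse_virtuals(conf):
    """Return {virtual name: {key: value}} for simple 'key value' lines."""
    virtuals = {}
    for name, body in VIRTUAL_RE.findall(conf):
        props = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[1].endswith("{"):
                props[parts[0]] = parts[1]
        virtuals[name] = props
    return virtuals

def classify(props):
    """Label one virtual server using the post's explicit/transparent split."""
    addr = props.get("destination", "").rsplit("/", 1)[-1].rsplit(":", 1)[0]
    wildcard = addr in ("0.0.0.0", "any")
    # Assumption: a missing translate-address line means the default, enabled.
    translated = props.get("translate-address", "enabled") == "enabled"
    if wildcard and not translated:
        return "transparent"
    if not wildcard and translated:
        return "explicit"
    return "review"  # wildcard with translation, or host VIP without it

def audit(conf):
    return {name: classify(p) for name, p in parse_virtuals(conf).items()}
```
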

1 Reply

  • Why is the applicable product showing: BIG-IP, BIG-IP ASM "11.6.0, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0" but not later versions?

    Is there a recommended method of implementing ASM in true transparent mode - where BIG-IP has no self IP addresses and is able to inspect HTTPS traffic without terminating it? Is the "Proxy-SSL" feature a possible candidate for the latter, but if so, is it not limited by an inability to transparently intercept traffic secured using DSA and ECC?