20-Dec-2021 13:23
First, I apologize if this is a newbie question. I am fairly new to working with F5's.
Issue: I have a client with pretty weak ciphers. It can't connect to www.abc.com (example) because it has no ciphers supported by www.abc.com. In our environment, the F5 serves as both the Load Balancer and Firewall. Outbound internet traffic flow through the F5. www.abc.com is a third party and won't work with me on this issue.
Question: Is it possible to have the F5 proxy this outbound connection? The idea is for the F5 to do the SSL negotiation (using F5 ciphers) and pass this traffic back to the client.
Thank you in advance.
21-Dec-2021 00:17
Yes this is posible. You can setup een explicit forward proxy. For example, you can use this iApp: https://devcentral.f5.com/s/articles/apm-explicit-proxy
Note that you don't need APM when SSL inspection isn't required.
Manual configuration is also possible. See this:
https://devcentral.f5.com/s/articles/configure-the-f5-big-ip-as-an-explicit-forward-web-proxy-using-ltm-32268
With use of a PAC file, it's possible to only send requests to www.abc.com via the proxy.