cancel
Showing results for 
Search instead for 
Did you mean: 

Possible to proxy outbound SSL connection?

Alexi
Nimbostratus
Nimbostratus

First, I apologize if this is a newbie question. I am fairly new to working with F5's.

 

Issue: I have a client with pretty weak ciphers. It can't connect to www.abc.com (example) because it has no ciphers supported by www.abc.com. In our environment, the F5 serves as both the Load Balancer and Firewall. Outbound internet traffic flow through the F5. www.abc.com is a third party and won't work with me on this issue.

 

Question: Is it possible to have the F5 proxy this outbound connection? The idea is for the F5 to do the SSL negotiation (using F5 ciphers) and pass this traffic back to the client.

 

Thank you in advance.

1 REPLY 1

Yes this is posible. You can setup een explicit forward proxy. For example, you can use this iApp: https://devcentral.f5.com/s/articles/apm-explicit-proxy

 

Note that you don't need APM when SSL inspection isn't required.

 

Manual configuration is also possible. See this:

https://devcentral.f5.com/s/articles/configure-the-f5-big-ip-as-an-explicit-forward-web-proxy-using-ltm-32268

 

With use of a PAC file, it's possible to only send requests to www.abc.com via the proxy.