Possible to proxy outbound SSL connection?

Question

First, I apologize if this is a newbie question. I am fairly new to working with F5's.

Issue: I have a client with pretty weak ciphers. It can't connect to www.abc.com (example) because it has no ciphers supported by www.abc.com. In our environment, the F5 serves as both the Load Balancer and Firewall. Outbound internet traffic flow through the F5. www.abc.com is a third party and won't work with me on this issue.

Question: Is it possible to have the F5 proxy this outbound connection? The idea is for the F5 to do the SSL negotiation (using F5 ciphers) and pass this traffic back to the client.

Thank you in advance.

niels_van_sluis · Answer

Yes this is posible. You can setup een explicit forward proxy. For example, you can use this iApp: https://devcentral.f5.com/s/articles/apm-explicit-proxy

Note that you don't need APM when SSL inspection isn't required.

Manual configuration is also possible. See this:

https://devcentral.f5.com/s/articles/configure-the-f5-big-ip-as-an-explicit-forward-web-proxy-using-ltm-32268

With use of a PAC file, it's possible to only send requests to www.abc.com via the proxy.

Forum Discussion

Possible to proxy outbound SSL connection?

1 Reply

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Behavior of outbound DNS query from LTM behavior

User roles per partition: are multiple possible?

F5 Connection Mirroring question

Lightboard Lessons: SSL Outbound Visibility

DevCentral Connects hosts Capture the Flag!