Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Possible to proxy outbound SSL connection?

Alexi
Nimbostratus
Nimbostratus

‎20-Dec-2021 13:23

First, I apologize if this is a newbie question. I am fairly new to working with F5's.

 

Issue: I have a client with pretty weak ciphers. It can't connect to www.abc.com (example) because it has no ciphers supported by www.abc.com. In our environment, the F5 serves as both the Load Balancer and Firewall. Outbound internet traffic flow through the F5. www.abc.com is a third party and won't work with me on this issue.

 

Question: Is it possible to have the F5 proxy this outbound connection? The idea is for the F5 to do the SSL negotiation (using F5 ciphers) and pass this traffic back to the client.

 

Thank you in advance.

Labels:
0 Kudos
1 REPLY 1

Niels_van_Sluis
MVP
MVP

‎21-Dec-2021 00:17

Yes this is posible. You can setup een explicit forward proxy. For example, you can use this iApp: https://devcentral.f5.com/s/articles/apm-explicit-proxy

 

Note that you don't need APM when SSL inspection isn't required.

 

Manual configuration is also possible. See this:

https://devcentral.f5.com/s/articles/configure-the-f5-big-ip-as-an-explicit-forward-web-proxy-using-ltm-32268

 

With use of a PAC file, it's possible to only send requests to www.abc.com via the proxy.

Copyright © 2023 Khoros, LLC