Forum Discussion

Lazar_92526's avatar
Lazar_92526
Icon for Nimbostratus rankNimbostratus
Mar 21, 2013

SSL Proxy in version 11.3

Is the new SSL Proxy feature in 11.3 the same as SSL bridging or am I missing something?

 

 

The 11.3 implementations guides states the following:

 

 

"With the BIG-IP® system's SSL forward proxy functionality, you can encrypt all traffic between a client

 

and the BIG-IP system, by using one certificate, and to encrypt all traffic between the BIG-IP system and

 

the server, by using a different certificate. SSL forward proxy functionality supports the Server Name

 

Indication (SNI) extension to Transport Layer Security (TLS)."

 

5 Replies

  • i understand "ssl forward proxy" is to allow bigip to decrypt outbound ssl traffic, so bigip can perform whatever action we want.

     

    • Jo_31162's avatar
      Jo_31162
      Icon for Nimbostratus rankNimbostratus
      Hi nitass, always for outbound traffic, is it possible to use "ssl forward proxy" feature if we have another proxy before our f5? Can we have any problems with requested certificate exchange? Traffic flow: internal client-->customer proxy-->f5-->internet Thanks in advance, Rgds
  • i understand "ssl forward proxy" is to allow bigip to decrypt outbound ssl traffic, so bigip can perform whatever action we want.

     

    • Jo_31162's avatar
      Jo_31162
      Icon for Nimbostratus rankNimbostratus
      Hi nitass, always for outbound traffic, is it possible to use "ssl forward proxy" feature if we have another proxy before our f5? Can we have any problems with requested certificate exchange? Traffic flow: internal client-->customer proxy-->f5-->internet Thanks in advance, Rgds
  • Nitass is correct. The SSL proxy feature in 11.3 is for forward proxy. Not to be confused with ProxySSL which is for reverse proxy. That said, SSL forward proxy is a form of SSL bridging, it just requires a slightly different configuration than normal reverse proxy SSL bridging.