F5 as a TCP proxy

Question

We'd like to use our F5 as a TCP proxy for a bidirectional traffic flow like this: 
&nbsp; Public IP -- DMZ Firewalls ---F5---Private IP (one server).  
&nbsp; The reason we'd like to have it this way, is because our security policy requires all incoming connections to be proxied.  
&nbsp; For incoming connections, the inside server will be NATed on the firewalls.  
&nbsp; What kind of setup can we have on F5 to support outbound connections, acting like a TCP proxy? 
&nbsp; Thanks.

hooleylist · Answer

You can configure a virtual server (or less ideally a SNAT) to allow servers "behind" the BIG-IP to access external hosts/networks through the BIG-IP.  Normally for outbound access, you'd use a Performance Layer4 virtual server pointing to a pool of firewalls or a Forwarding IP virtual server if you want to use the routing table to select a gateway. 
&nbsp;  
&nbsp; SOL5017: Overview of virtual server types   
&nbsp; https://support.f5.com/kb/en-us/solutions/public/5000/000/sol5017.html (Click here) 
&nbsp;  
&nbsp; Aaron

Forum Discussion

F5 as a TCP proxy

1 Reply

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

F5 TCP Proxy mode

The TCP Proxy Buffer

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

ADFS Proxy Replacement on F5 BIG-IP

Use F5 LTM as HTTP Proxy