Forum Discussion

Tom_92667
Sep 23, 2014

Proxy for encrypted TCP socket connection

Hello - we have made great use of the codeshare examples, including extensive use of the HTTP Forward Proxy - v3.2 irule, and I see that there are also proxy irule examples for ftp, smtp, ldap and mysql. Is there a way, using a proxy irule or perhaps a forwarding virtual server, to use the f5 to forward an encrypted TCP socket connection from behind our f5 to an external site? We currently have this working using a squid proxy server with PREROUTING, POSTROUTING, DNAT and SNAT iptables rules, but would prefer using the f5. Can the f5 be configured to behave like the squid proxy server?

 

2 Replies

  • Hello Tom, do you mean you want to do TCP session forwarding to an fqdn host which should be resolved by BIG-IP? 11.6 allows you to specify fqdn pool members with resolution done by BIG-IP. That could solve your issue without touching an irule.

     

  • Is the SNAT IP on a different subnet for which the server does not have a route back?

     

    Can you add a tcp monitor on the pool and check if the member shows up? If it does, try setting the snat to Automap.