CSOC_146480
Jan 26, 2016Nimbostratus
web proxy XFF header https
Hello,
I have recently noticed that my configured F5 proxy is forwarding XFF for http but not for https. For https the F5 is being the broker for client and so client source becomes the F5 for https.
Is there any way for the F5 to proxy client WWW traffic and forward XFF? We are running identity awareness on the next hop device.
flow is as follows. (F5 VS is explicit http proxy currently)
client --> GTM pool to resolve client proxy IP --> GSLB pool (3 x VS) --> Check point with IA (3 in total)
In F5 case, the next hop and DG is the Check Point firewall.
If the above cannot send XFF for https:
- is there another way to use the F5 as a WWW proxy and send original client IP or information to the next hop Check Point?
- if we enabled WWW proxy on the Check Point, can the GTM resolve to the Check Point as a node without proxying the users? There are three routes to the internet for clients
Thanks for any help,
Derrick