jocabangon_2204
Mar 01, 2016

SSL Proxy question

Hi Guys,

 

I've got this setup that I'm trying to figure out how to implement on F5. We have this web server where the clients need to see the certificate when they access the VIP. That's no problem if the F5 is not doing packet inspection, since I've got an iRule that does redirection on that same VIP. Now I saw some blog saying that SSL proxy should be able to do this, but unfortunately, when I tried implementing SSL proxy, it seems to fail when I try accessing the VIP. I followed the steps from this site https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-3-0/14.html, but I'm still having issues. Is SSL proxy the answer to my issue? Can you guys give more detailed steps on how to implement SSL proxy? Thank you.

 

2 Replies

  • Shoot, I missed this part: "Specify the Destination settings. For a Host, in the Address field, type 0.0.0.0 for the virtual server address. For a Network, in the Address field, type 0.0.0.0 for the virtual server address, and in the Mask field, type 0.0.0.0 for the mask." Stupid question: is it really 0.0.0.0 on the virtual address part? What if I've got a specific IP? Also, this will only work on 2-arm load balancing? We are currently doing 1-arm, though. Thanks.
  • Hi Jocabangon,

     

    SSL-Proxy is the answer to your issue. But keep in mind that you have to use RSA-based ciphers to make it work. DH- or DHE-based ciphers simply won't work (resp. would make the SSL-Proxy setup useless).

     

    1- or 2-arm setup wouldn't make any difference.

     

    Cheers, Kai
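
The cipher constraint from Kai's reply, as an added example that is not part of the thread and is not F5 code: it sorts a server's cipher list into RSA key exchange suites (the kind the reply says are required) and DH/DHE/ECDHE suites. It assumes OpenSSL-style suite names; the function names and the sample list are constructed for illustration.

```python
"""Added example: sort OpenSSL-style cipher suite names by key exchange."""

# Assumption: names use OpenSSL's spelling (as printed by `openssl ciphers`),
# not IANA names such as TLS_RSA_WITH_AES_128_CBC_SHA.
EPHEMERAL = ("ECDHE-", "DHE-", "EDH-", "ADH-", "AECDH-")
OTHER = ("PSK-", "RSA-PSK-", "SRP-", "ECDH-", "DH-", "GOST", "KRB5-")


def key_exchange(name):
    """Return 'rsa', 'ephemeral', 'other' or 'unknown' for one suite name."""
    n = name.strip().upper()
    if not n:
        return "unknown"
    if n.startswith("TLS_"):
        # IANA-style names contain _WITH_; the remaining TLS_* names are
        # TLS 1.3 suites, which always use an ephemeral (EC)DHE exchange.
        return "unknown" if "_WITH_" in n else "ephemeral"
    if n.startswith("EXP-"):  # legacy export prefix sits before the key exchange
        n = n[4:]
    if n.startswith(EPHEMERAL):
        return "ephemeral"
    if n.startswith(OTHER):
        return "other"
    # OpenSSL gives plain RSA key exchange no prefix, e.g. AES128-SHA,
    # so any name that reaches this point is treated as RSA key exchange.
    return "rsa"


def group_suites(cipher_string):
    """Group a colon-separated cipher list by key exchange class."""
    groups = {"rsa": [], "ephemeral": [], "other": [], "unknown": []}
    for name in cipher_string.split(":"):
        if name.strip():
            groups[key_exchange(name)].append(name.strip())
    return groups


# Constructed sample list, not taken from any real device.
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:AES128-SHA:"
          "AES256-GCM-SHA384:TLS_AES_128_GCM_SHA256:PSK-AES128-CBC-SHA")

if __name__ == "__main__":
    for kind, names in group_suites(SAMPLE).items():
        print(f"{kind:10} {', '.join(names) or '-'}")
```

Only the `rsa` group matches what the reply describes as workable; the `other` and `unknown` groups are reported separately because the thread does not cover them.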