Forum Discussion
6 Replies
- Hannes_Rapp_162Nacreous
A number of things can be wrong. Do you have more information about design, and policy configuration? Do you intend to use WAF so that your internal users can't try attack 3rd party web-sites on the public web? Normally, WAF is put in place to protect your own services from external users.
First basic criteria is that the ASM module requires un-encrypted input. Where do you currently offload TLS?
- chin_15339Nimbostratus
There is no SSL offload its just plain Squid forward proxy listening on port 3128
- Hannes_Rapp_162Nacreous
So HTTPS not working is as expected then. I do not know your use-case, so I will just refer you to solution articles:
-
Look into Client-SSL profiles: https://support.f5.com/csp/article/K14783
-
Depending on your use-case, Proxy SSL feature may suit better: https://support.f5.com/csp/article/K13385
-
- Hannes_RappNimbostratus
A number of things can be wrong. Do you have more information about design, and policy configuration? Do you intend to use WAF so that your internal users can't try attack 3rd party web-sites on the public web? Normally, WAF is put in place to protect your own services from external users.
First basic criteria is that the ASM module requires un-encrypted input. Where do you currently offload TLS?
- chin_15339Nimbostratus
There is no SSL offload its just plain Squid forward proxy listening on port 3128
- Hannes_RappNimbostratus
So HTTPS not working is as expected then. I do not know your use-case, so I will just refer you to solution articles:
-
Look into Client-SSL profiles: https://support.f5.com/csp/article/K14783
-
Depending on your use-case, Proxy SSL feature may suit better: https://support.f5.com/csp/article/K13385
-