Aug 11, 2017
SSL Forward Proxy Question
Hello all
We have a requirement to allow some servers in a DMZ to talk to a service on the internet. I was looking into the SSL Forward Proxy feature on the LTMs as this appears to provide the service we need. F5's documentation on this is rather weak and rushed. I am following this guide:
Some (basic) questions I had on this:
- When I create a pool, presumably the pool members are the server IPs on the internet?
- The certificate I use on the Client SSL Profile (Certificate B in the link above) - does this certificate need to be signed by our internal CA, and if so, do we need to use a particular certificate template, e.g. Subordinate Certification Authority?
- In the Client SSL Profile, do we only (at minimum) need to configure the SSL Forward Proxy section?
- In the Server SSL Profile, which certificate and key do we use? We need the LTM to perform MA with the server. Will this be a certificate generated on the LTM itself or do we need to import the cert + keys of the back end server and use those here?
Thank you.