Forum Discussion

jmusci_327228
Oct 24, 2017

Irule Big-ip Forward Proxy

Hi all, I need to configure the BIG-IP as a forward proxy: an internal server needs to reach the Internet and pass through the F5. I have already created an internal virtual server; now I should create an iRule where I specify one or more IP addresses and the authorized port for each IP, or the FQDN domain that can be reached. The required protocols are HTTP and HTTPS.

 

To filter instead the IP of the internal server that can access the proxy, I was thinking of creating a group in the packet filter.

 

Your help would be very precious.

 

Regards, j.

 

4 Replies

  • In the world of AWS and Azure, the list of IPs on the internet will potentially change all the time for various FQDNs, so you will end up babysitting your iRule. I would not suggest using a virtual forwarder and iRule for this task.

     

    • jmusci_327228

      This is the reason I want to use the FQDN and not just the IP: for example, for Windows Update I will set the FQDN, and after that the BIG-IP will ask for the IP address relating to this server. I know that the IP address for automatic updates, for example, changes every week.

       

      But I also need to create the connection for a single and exact IP.

       

      Maybe I could create 2 iRules, IP address destination based or FQDN based.
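
An added example, not part of the original thread and not an iRule: a Python model of the allow decision discussed above, where FQDN entries are matched on the name the client requests (so changing IPs behind it do not matter) and exact IP entries are matched together with their port. The policy entries and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample policy (assumption): placeholder names and addresses.
ALLOWED_FQDNS = {"updates.example.com", ".download.example.net"}  # leading dot = any subdomain
ALLOWED_IP_PORTS = {("203.0.113.10", 443), ("203.0.113.20", 80)}  # exact IP with its port

def parse_target(request_line):
    """Return (host, port) from a forward-proxy request line, or None if unusable."""
    parts = request_line.split()
    if len(parts) != 3:
        return None
    method, target = parts[0].upper(), parts[1]
    try:
        if method == "CONNECT":               # HTTPS tunnel: target is host:port
            url, default_port = urlsplit("//" + target), None
        else:                                 # plain HTTP via proxy: absolute URI
            url, default_port = urlsplit(target), 80
            if url.scheme.lower() != "http":
                return None
        port = url.port or default_port       # CONNECT without a port stays None
    except ValueError:                        # bad port or malformed authority
        return None
    if not url.hostname or port is None:
        return None
    return url.hostname.lower().rstrip("."), port

def fqdn_allowed(host):
    """Exact match, or suffix match on a label boundary for leading-dot entries."""
    for entry in ALLOWED_FQDNS:
        if entry.startswith("."):
            if host.endswith(entry) and not host.startswith("."):
                return True
        elif host == entry:
            return True
    return False

def is_allowed(request_line):
    """Default deny: allow only listed FQDNs on 80/443 or listed IP:port pairs."""
    target = parse_target(request_line)
    if target is None:
        return False
    host, port = target
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return port in (80, 443) and fqdn_allowed(host)
    return (str(ip), port) in ALLOWED_IP_PORTS
```
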