rajeshroshan02_
Mar 06, 2018

Hello Friends, how can we check proxy configuration on F5 LTM?

I want to configure a proxy on my F5 LTM box for security signature updates. Could someone help me verify the proxy configuration on F5 LTM?

 

1 Reply

  • You can configure the system to use an HTTPS proxy, which allows an administrator to configure the BIG-IP ASM system to update attack signatures securely and automatically. To do so, perform one of the following procedures:

     

    Note: The BIG-IP system does not use the configured proxy address when attempting to contact the licensing server to download a new license. If the Service Check Date is not within 18 months of the system date and the BIG-IP system is unable to contact the licensing server, you must manually reactivate the license and then update the attack signatures.

     

    Configuring signature file updates through an HTTPS proxy in BIG-IP ASM 12.0.0 and later

     

    Beginning in BIG-IP ASM 12.0.0, you can configure the system to use an HTTPS proxy through the use of BigDB database keys. Configuring the proxy settings by manually modifying the services.ini file is no longer used. To do so, perform the following procedure:

     

    Log in to the TMOS Shell (tmsh) by typing the following command: tmsh

    To set the destination proxy server, use the following command syntax: modify /sys db proxy.host value

    In this command, note the following: is the destination proxy hostname.

    To set the destination proxy server port, use the following command syntax: modify /sys db proxy.port value

    In this command, note the following: is the numeric port value of your proxy host.

    To set the destination proxy server protocol, use the following command syntax: modify /sys db proxy.protocol value

    In this command, note the following: is http or https.

    To set the destination proxy server username, use the following command syntax: modify /sys db proxy.username value

    In this command, note the following: is the username for authentication to the proxy server.

    To set the destination proxy server username password, use the following command syntax: modify /sys db proxy.password value

    In this command, note the following: is the username password when authenticating to the proxy server.

    Exit tmsh by typing the following command: quit

     

     

    Configuring signature file updates through a proxy in BIG-IP ASM versions prior to 12.0.0

     

    For BIG-IP ASM versions prior to 12.0.0, you can configure the system to use an HTTPS proxy by editing the services.ini file. To do so, perform the following procedure:

     

    Log in to the BIG-IP ASM command line.

    To change directories to the /ts/etc/ directory, type the following command: cd /ts/etc/

     

    To create a backup of the services.ini file, type the following command: cp services.ini /var/tmp/services.ini.bak

     

    Use a text editor to edit the services.ini file. Add the following section to the end of the file:

    [proxy]
    https_proxy=https://:

     

     

    For example:

     

    [proxy]
    https_proxy=https://172.16.10.100:33750

     

    Note: Configuration of the https_proxy is sensitive to whitespace. Before saving any configuration changes, ensure that there are no whitespace characters around the "=" and no trailing whitespace characters after the IP:Port definition.

     

    Save the changes you made to the services.ini file.

    Note: You must manually make this change on both systems in redundant pair configurations. The system does not copy the services.ini file to the peer system during configuration synchronization (ConfigSync) operations.
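
Added example, not part of the reply above and not F5 tooling: a small shell lint for the whitespace rules the reply gives for the pre-12.0.0 services.ini `[proxy]` section. The function name `check_proxy_ini` and the scheme://host:port value check are assumptions based on the reply's example line, and the sample file is constructed.

```shell
#!/bin/bash
# Lint a services.ini copy for the [proxy] whitespace problems described above.
# Assumption: the value has the scheme://host:port shape of the page's example.

check_proxy_ini() {
    # $1 = path to services.ini; prints one finding per line, returns 0 if clean.
    awk '
        BEGIN { bad = 0; found = 0 }
        # Track which INI section we are in.
        /^[ \t]*\[/ { in_proxy = ($0 ~ /^[ \t]*\[proxy\]/); next }
        in_proxy && /^[ \t]*https_proxy/ {
            found = 1
            if ($0 ~ /https_proxy[ \t]+=/) { print "line " NR ": whitespace before ="; bad = 1 }
            if ($0 ~ /=[ \t]/)             { print "line " NR ": whitespace after ="; bad = 1 }
            if ($0 ~ /[ \t\r]$/)           { print "line " NR ": trailing whitespace"; bad = 1 }
            # Check the value itself once surrounding whitespace is ignored.
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            sub(/[ \t\r]+$/, "", v)
            if (v !~ "^https?://[^ \t:/]+:[0-9]+$") {
                print "line " NR ": value is not scheme://host:port"; bad = 1
            }
        }
        END {
            if (!found) { print "no https_proxy key inside a [proxy] section"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample (not from a real system): spaces around "=" and a trailing space.
sample=$(mktemp)
printf '[proxy]\nhttps_proxy = https://172.16.10.100:33750 \n' > "$sample"
check_proxy_ini "$sample" || echo "fix services.ini before saving"
rm -f "$sample"
```

Because services.ini is not copied by ConfigSync, run the check against the file on each unit of a redundant pair.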