Forum Discussion

ag03060_371307
Oct 10, 2018

F5 SSL Pass Through from SCCM IBCM to back end DMZ server.

What is the correct way to configure the F5 to allow SCCM IBCM clients with self-signed certs to pass through the F5 and present their self-signed certs to the back end DMZ server, where they will be inspected/validated with our CA? Our current issue is that the F5 gets the cert from the IBCM client, opens the cert (inspecting it), which breaks it, and then sends it on to the back end DMZ server, which then rejects the cert because it has been opened.

Thanks in advance for any help on how to get this to work correctly.

 

1 Reply

  • Hamish

    If you configure the VS to just pass the IP traffic back & forth like a router (with or without (S)NAT) then it should work fine.

    It isn't as if the bigIP 'looking' at the cert 'breaks' it... It's because your BigIP is acting as an SSL endpoint, i.e. a Man In The Middle. SSL/TLS is DESIGNED to break when this happens. It's part of the security.
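
The difference described in the reply above, sketched as tmsh configuration. This is an added example, not part of the original thread: the object names and addresses are placeholders, and the "terminating" virtual server is an assumption about the current setup.

```tmsh
# Added example. Object names and addresses are placeholders
# (RFC 5737 documentation ranges), not values from the thread.

# Pool containing the back-end DMZ server.
create ltm pool ibcm_dmz_pool members add { 192.0.2.10:443 } monitor tcp

# For contrast only (assumed current setup, left commented out):
# client-ssl and server-ssl profiles make the BIG-IP a TLS endpoint.
# The client's handshake, including its certificate, ends at the BIG-IP;
# the DMZ server only sees a separate TLS session opened by the BIG-IP.
#
# create ltm virtual ibcm_vs_terminating destination 203.0.113.10:443 ip-protocol tcp pool ibcm_dmz_pool profiles add { tcp { } clientssl { context clientside } serverssl { context serverside } }

# Pass-through: FastL4 profile only, no SSL profiles attached.
# The BIG-IP forwards TCP segments without decrypting them, so the TLS
# handshake runs end to end and the DMZ server receives and validates
# the client certificate itself.
create ltm virtual ibcm_vs_passthrough destination 203.0.113.10:443 ip-protocol tcp pool ibcm_dmz_pool profiles add { fastL4 { } } source-address-translation { type automap }

# Confirm that no client-ssl or server-ssl profile is attached.
list ltm virtual ibcm_vs_passthrough profiles
```

With pass-through the BIG-IP cannot read or modify anything inside the TLS session, so certificate validation and any HTTP-level policy have to be enforced on the DMZ server.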