Forum Discussion

Fabian_Arroyo_M's avatar
Fabian_Arroyo_M
Icon for Nimbostratus rankNimbostratus
Jan 11, 2017

F5 acting like a Web Proxy Server for internet traffic

Hi all,

 

Anyone know if it is possible to setup LTM to act as proxy server for internet traffic. So, a browser can be pointed at it and traffic proxied to the internet.

 

I need to migrate this functionality from a TMG (Microsoft Forefront Threat Management Gateway)

 

Awaiting forward for your comments.

 

Best regards.

 

Fabián

 

5 Replies

  • eben's avatar
    eben
    Icon for Nimbostratus rankNimbostratus

    The feature on the F5 platform is called Secure Web Gateway (SWG). Be sure that your license supports this. you also will be needing APM provisioned. when I tested this, all of the features worked great except for SafeSearch.

     

  • Hi Fabián,

    If you want something a little less sophisticated than SWG, a Virtual Server can be configured with an http-explicit profile attached. This profile was introduced at 11.5.4 IIRC.

    You'll need to configure the profile to use a DNS Reslolver and if you want to proxy more than http turn on a few other non default settings.

    The configuration for the profile will look something like this:

    ltm profile http http-explicit-BLAH {
        app-service none
        defaults-from http-explicit
        explicit-proxy {
            default-connect-handling allow
            dns-resolver BLAH-dns-resolver
            tunnel-name http-tunnel
        }
        proxy-type explicit
    }
    

    You won't be able to do all the fancy stuff that SWG can do, but if all you need is to point your browser at it it'll work.

    S

  • Thank you very much for your answer. I'm looking for an option that I don't need this licenses. It's possible?

     

  • You can do this without the SWG license. You can use the explicit HTTP profile.

     

    This article is a good start. But be aware, without the SWG license you can't perform website filtering. article

     

    Cheers,

     

    Kees

     

  • SWG+APM sounds like the perfect solution to replicate the Proxy functionalities within the F5, is it the LTM needed in this combo for anything in particular?