Forum Discussion

Paul_Williams's avatar
Paul_Williams
Icon for Nimbostratus rankNimbostratus
Jan 12, 2018

SSL Intercept

Hi All, fairly new to using an iApp - so here is my question.

 

We need to be using the SSL_intercept_SVC_chain iApp to mitigate the scenario where TLS 1.0 is no longer supported in the big wide world. Basically we have a number of old apps that will only use TLS 1.0 and since this is now being deprecated we plan to use the F5 to handle the client to F5 as TLS 1.0, but then forwards onto external sites as TLS1.2 or 1.3.

 

I have downloaded the iApp, and have worked out all the settings I need to use to make the Application Service - however what I don't get is how to join together the AS and a virtual server.

 

We plan to use an internal DNS entry for selected external sites so that the traffic is forced to the F5 and passed to the internet, and away from our proxies thereby using the F5 to do the TLS re-negotiation/upgrade.

 

We have a two LTMs running in HA so its not a case of passing it from one F5 to another F5 via a decrypt zone.

 

Once I have run the iApp - what do I need to do to use it.

 

application delivery
BIG-IP
LTM
ssl intercept

1 Reply

Sort By
  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Jan 12, 2018

    Firstly, the iApp scenario is not the same as you have. Have a look at this link:

     

    https://support.f5.com/csp/article/K75104042

     

    In relation to virtual server, there is a section in the iApp with multiple questions about the virtual server. However, it does not ask you the virtual server IP, as it uses 0.0.0.0/0. The iApp will then create 2 virtual servers with 0.0.0.0/0, one for TCP and one for UDP traffic.