Decrypt and Re-encrypt requests on F5

We have ADFS on internal netwrok.

Web application proxy server in DMZ

F5 BIGIP in DMZ routing traffic to Proxy server.

SNAT config, so loosing client ip.

We have the ADFS SSL cert on the F5 to decrypt incoming requests, and insert a header.

The WAP listens on https 443, so can we re-encrypt with the same certificate? or do we need to use the public key that the client uses?

We are using the same cert at the moment and the WAP/ADFS is not providing a web page, but if we change to SSL tunnel without decrypting, it works, but we loose client ip.

So we know ADFS WAP is listening and can handle requests to https 443, but if we do decrypt and re-encrypt on the F5 it stops working.

Any help would be great! thanks

BIG-IP

security

Forum Discussion

Decrypt and Re-encrypt requests on F5

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

F5 Distributed Cloud - Regional Decryption with Virtual Sites

Decrypting TLS traffic on BIG-IP