Forum Discussion
4 Replies
- PeteWhiteEmployee
The short answer is yes - but you have to use the SSL forward proxy feature. Put simply, this means that you install a certificate on the client machine and use that certificate on the F5 outgoing virtual server. The F5 can then have two tunnels - one from client to F5 and one from F5 to the website. You can then apply per-request policies or do any other checking that you want to do.
- Spidey_29396Nimbostratus
Hi Pete,
Thank you for the reply.This is corporate users accessing the internet. What kind of certificate will be used for client to F5? We can't afford to install certificates on 1000+ users.
- PeteWhiteEmployee
So you install a CA certificate on the client. It's a feature in the SWG (secure web gateway) APM module - more information here https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-12-1-0/7.htmlconceptid
- Spidey_29396Nimbostratus
Many thanks Pete!