Bypass VS Interception on SSL Forward Proxy

Question

Hi,&nbsp;
I am using APM+SWG to configure the F5 as Forward Proxy, using the iApp for setting up Secure web Gateway (SWG).&nbsp;
One of the option on it is: Select whether SSL traffic should be intercepted or bypassed by default&nbsp;
Bypass means that the client doesn't terminate the SSL connection on the F5, but it is bypassed by the F5 to be terminated on the Server?&nbsp;
Because Bypassing traffic I am NOT getting any Certificate Warning when accessing HTTPS websites, but when I switch it to 'Intercept' on the F5, I get Warnings on all the HTTPS Websites as I don't have CA signed certificates installed.&nbsp;
Thanks&nbsp;

niels_van_sluis · Answer

Yes, bypass will not intercept SSL traffic. The client that is using the forward proxy will receive the official (authentic) certificate of the server it is connecting to. Bypass will prevent the BIG-IP to do HTTPS inspection for that connection.

Forum Discussion

Bypass VS Interception on SSL Forward Proxy

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Bypass WAF for X-forwarder IP in XC

Use x-forwarded-for to bypass authentication?

Bypass certificate check

DNS Interception: Protecting the Client

MSM Bypass