Forum Discussion

CraigMo's avatar
CraigMo
Icon for Nimbostratus rankNimbostratus
Nov 03, 2015

ssl forward proxy configuration

I have configured an irule which is used to send the host to a nameserver for resolution. I also have a clientssl and serverssl profile configured on the VIP and each has the forward proxy feature enabled. The clientside ssl uses a self cert. The server side profile uses "none" for cert and key as I am trying to make this generic. I am also using a snatpool in this configuration. However, when 443 traffic connects to the VIP it does not appear to be passing the traffic outbound. A tcpdump on the F5 shows the conversation between the VIP and the local server but no traffic going out to the Internet. I also have port 80 listening on the same VIP and this traffic works as I see, via a tcpdump, traffic between the VIP and the local server and traffic between the snat IP and a public IP address.

 

Any ideas as to why the 443 traffic is not working?

 

Thanks,

 

2 Replies