BIG-IP SWG non standard ports

Question

Good morning,&nbsp;It is possible that the BIG-IP configured as an explicit proxy, in addition to using ports 80 and 443, use other non-standard ports for http and https traffic.&nbsp;Is there any recommendation?&nbsp;We made the configuration with the iAPP of F5.&nbsp;Thank you!

niels_van_sluis · Answer

When using the iApp I guess your options are limited. However, when building the explicit forward proxy manual, you can configure additional virtual servers that handle http or https on other non-standards ports.

The explict forward proxy solution from F5 is build by using three virtual servers:

Main VS that listens on port 8080 or 3128 and handles plain http traffic.
Second VS that listens on port 443 and that handles https traffic.
Reject VS that rejects all traffic on other ports (non-standard ports).

To handle additional non-standard ports you can add virtual servers to this configuration. These virtual servers should listen on the same tunnel interface that are being used for the HTTPS and Reject VS.

For more information on how to build the explicit forward proxy without an iApp see:

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-13-1-0/2.html#guid-83fd235f-507a-4754-8640-f3cf629f5e7c

Forum Discussion

BIG-IP SWG non standard ports

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

What is BIG-IP Next?

Getting Started with BIG-IP Next: Fundamentals

BIG-IP Report

Getting Started with BIG-IP Next: Migrating an Application Workload

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial