Load Balancing MWG Proxies
Hi, we have 2 F5 active/standby with LTM module release 11.5.1 (latest hotfix).
We are load balancing 2 McAfee Web Gateway proxies which were configured in Explicit mode.
We use SNAT in order to receive the proxy response on the BIG-IP instead of sending it to the real clients. For this reason, we configured BIG-IP to insert the X-forwarded-for header. Then, we configured the MWG proxies to parse the X-Forwarded-for value instead of the client IP address (Which is the BIG-IP floating address) for logging purposes.
Also, we use basic authentication on the proxies against an LDAP server. When a user tries to navigate, it receives a 407 response and a prompt for authentication.
We have a strange behavior:
When the user opens a browser and try an HTTP site, the authentication pop-up appears and all works fine.
When the user opens a browser and try an HTTPS site, the authentication fails.
We made some packet captures and see that BIG-IP sends a reset to the proxy after receiving the 407 response, instead of sending it to the client.
Somebody experience a similar behavior?
Thanks in advance
Best regards