Load Balancing MWG Proxies

Hi, we have 2 F5 active/standby with LTM module release 11.5.1 (latest hotfix).

We are load balancing 2 McAfee Web Gateway proxies which were configured in Explicit mode.

We use SNAT in order to receive the proxy response on the BIG-IP instead of sending it to the real clients. For this reason, we configured BIG-IP to insert the X-forwarded-for header. Then, we configured the MWG proxies to parse the X-Forwarded-for value instead of the client IP address (Which is the BIG-IP floating address) for logging purposes.

Also, we use basic authentication on the proxies against an LDAP server. When a user tries to navigate, it receives a 407 response and a prompt for authentication.

We have a strange behavior:

When the user opens a browser and try an HTTP site, the authentication pop-up appears and all works fine.

When the user opens a browser and try an HTTPS site, the authentication fails.

We made some packet captures and see that BIG-IP sends a reset to the proxy after receiving the 407 response, instead of sending it to the client.

Somebody experience a similar behavior?

Thanks in advance

Best regards

application delivery

availability

LTM

Forum Discussion

Load Balancing MWG Proxies

Recent Discussions

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

NGINXaaS for Azure: Load Balancing

What is Load Balancing?

Load Balancing WebSockets

Deploying F5 BIG-IP with Azure Cross-region load balancer