Pass Traffic Unmodified

Question

I was asked a question today and wondered if anyone could help with the answer? I was asked if it is possible for traffic to pass through the F5 on it's way to its destination unmodified in any way.&nbsp;
For example if we had a user accessing SharePoint and the route was via the F5, at the point the traffic goes from F5-&gt;SharePoint, can the F5 just simply hand it over/pass it though to the back end web server unmodified? If indeed it does modify it at all.&nbsp;
I suspect the answer might depend on access policies, SSL profiles and performance features in use on the F5 virtual server but I'm happy to be corrected with a more definitive answer.&nbsp;
I believe the question came because there is a need (maybe for some testing purpose) to access an internal system without any traffic modifications but the person in question does not want to open up a direct access route from user-&gt;system and would prefer to keep the F5 in place.&nbsp;

nicholas_p__308 · Answer

Vetao, &nbsp;
This is referred to as a blind-ssl pass through, everything will terminate on the server itself. To set this up you typically only set a tcp-lan and tcp-wan connection proflile, no HTTP profile, no SSL client or Server certificate. This will allow the traffic to go through without modification.&nbsp;
Depending on your setup (router's etc) you may want to check if AUTOMAP is set for SNAT, as this may change the originating IP address, which can be checked via  TCPDUMP.&nbsp;

Forum Discussion

Pass Traffic Unmodified

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Passing Arguments to iCall Scripts

fellow traffic

Block traffic

Passing Client CAC / Smart Card Cert to Application Server

WSS LTM not passing data correctly