jk303
Apr 19, 2018

Forward User Proxy Setup - LTM / F5 (without SWG)

Hi, trying to validate a solution:

Goal: 1) End-user goes to F5 VIP A.A.A.A () to download a PAC file using iFiles (validated and working using the https://devcentral.f5.com/codeshare/proxy-pacfile-hosting-without-need-for-webservers-using-ifiles-on-v11 configuration)

2) End-user gets VIP: A.A.A.A:8080 from the downloaded PAC file as the proxy to use and starts using the F5 as a forward proxy without ANY authentication or reporting required. The ONLY thing that is required is that, when the user goes via A.A.A.A:8080, the F5 must SNAT the user when exiting forward towards the firewalls (so it can come back from the Internet to the F5) (2 not tested)

For 2 I'm looking at a solution that refers to the use of SWG (https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-12-1-0/7.html)

Challenge: customer doesn't have the SWG module/license. Is there an EASIER way of doing this? iRule perhaps? Can I JUST use LTM to get this to work?

Diagram:

internal-user ---- f5 ----fw----Internet---google.com

Thanks for feedback!

 
