Forum Discussion

sgnormo's avatar
sgnormo
Icon for Cirrus rankCirrus
Jan 03, 2023

SSL PROXY

I am looking at the SSL Proxy feature to see how it works and if there is possible benefits.  I have gotten it to the point where the  traffic is getting through and negotiation is "working".  I have...
  • Hi sgnormo , 
    maybe you have missed some configuration for ssl proxy feature , I understood from Pcap snapshot that F5 could not validate destination server certificate to pass it to the client , so as a result of this error in ssl sequance ( Specially regarding to ssl Proxy deployments ) F5 send RST packets to close ssl connection , so I see that F5 Resets the destination server (First RST)  and the client as well ( Second RST ). 

    So , I susbect that , there are missing configuraton regarding ssl proxy or a certificate mismatch between F5 and destination server . 
    For that reason , Please follow this KB well to configure and build  ssl proxy correctly : 

    https://support.f5.com/csp/article/K13385

    Also take  a look in this Article : 

    https://support.f5.com/csp/article/K13393