SWG Evaluation
Hey There,
We're evaluating the SWG module to see if it fits well in a consolidation piece we're looking to perform. So far the base configuration seems convoluted when compared with other forward proxy products, but I'm persisting.
I'm currently stuck on three key concepts for the configuration:
- Which certs/keys to use for the SSL client side profile
- What port to use for the browser's SSL setting
- How does reporting work
I've followed Chapter 4 - Explicit Forward Proxy - Configuring SWG Explicit Forward Proxy, but it's not very verbose so I'm struggling to understand how this all pieces together.
For the SSL component, which certificate do I use? I've selected just the default certificate and key for now, but that hasn't worked. I've messed around with varying cert pairs etc, to no avail.
The browser port setting may be a moot point once the certificate is sorted. I've tried the default 8080 I'm using on the HTTP VS, and also 443 (as the HTTPS VS is on 443), but neither works. Again, the issue may well be the certificates.
The last issue is the reporting, I'm sending HTTP traffic through the forward proxy fine, but nothing is showing up in the reporting section.
Hope these are easy questions!
Thanks
In fact, you can do SSL interception with embedded certificates (ex: "default" for F5).
You have to make sure of two things:
- the certificate is trusted by users,
- the certificate is able to sign child certificates (keyring).
Please find below two links:
- generating certificates for SSL interception: http://communicationsfinance.com/wp-content/uploads/2013/04/SSL-Interception-on-Proxy-SG.pdf
- Configuring SSL Forward Proxy on F5: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-5-1/16.htmlconceptid
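The two conditions named in the reply above (trusted by users, able to sign child certificates) can be checked with OpenSSL before a certificate is assigned to the interception profile. This is an added example, not part of the original thread; the function names and the throwaway certificates it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a PEM certificate against the two conditions in the reply.

# 0 if the cert asserts CA:TRUE and, when a Key Usage extension is present,
# it includes "Certificate Sign"; 1 if it cannot sign; 2 if unreadable.
can_sign_child_certs() {
    _txt=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$_txt" | grep -q 'CA:TRUE' || return 1
    if printf '%s\n' "$_txt" | grep -q 'X509v3 Key Usage'; then
        printf '%s\n' "$_txt" | grep -A1 'X509v3 Key Usage' |
            grep -q 'Certificate Sign' || return 1
    fi
    return 0
}

# 0 if the cert ($2) verifies against the clients' trusted CA bundle ($1).
trusted_by_clients() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output prefix, $2 = basicConstraints value, $3 = keyUsage value
make_sample_cert() {
    cat >"$1.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = constructed-${1##*/}
[ext]
basicConstraints = critical,$2
keyUsage = critical,$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# With no arguments, run on two constructed certificates; otherwise on "$@".
if [ "$#" -eq 0 ]; then
    demo_dir=$(mktemp -d)
    make_sample_cert "$demo_dir/ca" CA:TRUE keyCertSign,cRLSign
    make_sample_cert "$demo_dir/leaf" CA:FALSE digitalSignature
    set -- "$demo_dir/ca.pem" "$demo_dir/leaf.pem"
fi
for c in "$@"; do
    can_sign_child_certs "$c" && echo "$c: can sign" || echo "$c: cannot sign"
done
```

Pass the exported interception certificate as an argument to check it; `trusted_by_clients` takes the CA bundle deployed to the browsers as its first argument.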