SSL Intercept v1.5 (BIG-IP v12.0+: LTM)

Use this F5 deployment guide for guidance on configuring the SSL Intercept v1.5 iApp template, which enables the BIG-IP system to act as a forward proxy, decrypting outbound encrypted traffic so it can be inspected by service chains you configure, and then re-encrypting it for delivery to the destination. Non-encrypted traffic may also be classified and sent through service chains. 

As a part of the iApp, you can configure the BIG-IP system to send traffic to multiple in-line services (both at Layer 2 and Layer 3), receive-only services, ICAP services, and Metric Collector services for inspection.  If you are using separate BIG-IP systems for ingress and egress traffic, the iApp adds the ability to place additional inspection devices in the decrypt zone between the two devices. 

The following diagram shows the SSL Intercept configuration using an ingress and egress BIG-IP system.  Read the deployment guide for detailed information complete instructions for using the F5 SSL Intercept solution.

Published June 14, 2018