Forum Discussion

Randy_Abrams's avatar
Randy_Abrams
Icon for Nimbostratus rankNimbostratus
Jan 03, 2014

ProxySSL - tracking the client

Consider the following scenario: A virtual server is defined with a ProxySSL rule to inspect traffic before passing the stream to another virtual server.

 

Question: If a connection is inspected, then rejected by the ProxySSL VS for some reason, is there any way to associate the connection with a client other than source IP? Is there any way to determine the client certificate or the SSL session ID in the ProxySSL VS?

 

  • I'm a little confused by your description. ProxySSL, being a man-in-the-middle SSL mechanism, needs a direct client to server SSL negotiation. So do you mean the client is negotiation SSL (through your ProxySSL-enabled VIP) to another physically separate device downstream?

     

  • Yes I mean the client is negotiation SSL (through a ProxySSL-enabled VIP) to another physically separate device downstream.