101 · Question #670
in which scenario is a full proxy TCP connection required?
The correct answer is A. when SSL offloading is used. SSL offloading requires a full proxy TCP connection because BIG-IP must completely terminate the client-side SSL session before establishing a separate connection to the backend server.
Question
in which scenario is a full proxy TCP connection required?
Options
- Awhen SSL offloading is used
- Bwhen Traffic is routed
- Cwhen administrators manage the servers directly
- Dwhen 3 server responds directly to the client
How the community answered
(55 responses)- A89% (49)
- B4% (2)
- C2% (1)
- D5% (3)
Why each option
SSL offloading requires a full proxy TCP connection because BIG-IP must completely terminate the client-side SSL session before establishing a separate connection to the backend server.
SSL offloading requires BIG-IP to act as the SSL endpoint for the client, which means it must fully terminate the inbound TCP and TLS handshake, decrypt the payload, and then initiate a new outbound TCP connection to the server. This two-connection model - one between the client and BIG-IP, and one between BIG-IP and the server - is the definition of a full proxy. Without full proxy mode, BIG-IP cannot intercept and process the encrypted stream.
Routed traffic passes packets without requiring connection termination or Layer 7 inspection, so a full proxy connection model is not needed.
Direct server management refers to administrative access to backend servers and is unrelated to the TCP proxy model used for data-plane traffic forwarding.
Direct Server Return (DSR) bypasses BIG-IP for response traffic entirely, which is incompatible with full proxy mode and does not require it.
Concept tested: Full proxy TCP requirement for SSL offloading
Source: https://www.f5.com/services/resources/glossary/full-proxy
Topics
Community Discussion
No community discussion yet for this question.