Forum Discussion
erol_dogan_1164
Aug 27, 2013 Nimbostratus
ASM transparent bridge mode detect capabilities
I am evaluating a standalone ASM appliance. There are a lot of web applications in my network whose IP addresses or host names I don't know (or even their existence). This is because my network is ...
erol_dogan_1164
Aug 27, 2013 Nimbostratus
Sam, thanks for the quickest response.
I am planning to use the iRule below, since a forwarding VS doesn't understand HTTP, which means I can't use HTTP events. Do you think it is appropriate? On the other hand, my concern is that this will log all traffic, including non-web.
Thanks
when CLIENT_ACCEPTED {
    # Destination the client connected to (unchanged on a forwarding VS)
    set vip "[IP::local_addr]:[TCP::local_port]"
}
when SERVER_CONNECTED {
    set client "[IP::client_addr]:[TCP::client_port]"
    set node "[IP::server_addr]:[TCP::server_port]"
}
when CLIENT_CLOSED {
    # log connection info
    log local0.info "Client $client -> VIP: $vip -> Node: $node"
}
- Sam_Richman_263
Aug 28, 2013 Historic F5 Account
This is a good start, yes. You could also use an if statement to limit logging to connections destined for port 80 or 443 to log just web traffic. You may be able to get away with using an all addresses network virtual server of standard type with a pool comprised of your firewall or gateway. Just be sure to turn off address and port translation. You should then be able to assign an HTTP profile to this virtual server and use HTTP iRule events. I have not labbed out this particular configuration, so I am not sure it will work, but it might be worth a try. If you need to use the network forwarding virtual server, you could write a complex iRule to parse the TCP payload for HTTP content, but this would take some doing, and will cause some latency, I imagine.
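The port 80/443 filter suggested in the reply can also be applied after the fact to the log the iRule writes, which turns the raw connection log into an inventory of web nodes. The following is an added example, not code from either poster: it parses the iRule's "Client ... -> VIP: ... -> Node: ..." message, and the syslog prefix, rule name and addresses in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

WEB_PORTS = {80, 443}  # the ports named in the reply above

# Matches only the message text produced by the iRule's log statement.
LINE_RE = re.compile(r"Client (\S+) -> VIP: (\S+) -> Node: (\S+)")

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)  # raises ValueError if the port is missing

def inventory(lines, ports=WEB_PORTS):
    """Return {(node_addr, node_port): {'connections': n, 'clients': set}}."""
    seen = defaultdict(lambda: {"connections": 0, "clients": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        client, _vip, node = m.groups()
        try:
            client_addr, _ = split_endpoint(client)
            node_addr, node_port = split_endpoint(node)
        except ValueError:
            continue  # malformed endpoint
        if node_port not in ports:
            continue  # non-web traffic that the forwarding VS also logs
        entry = seen[(node_addr, node_port)]
        entry["connections"] += 1
        entry["clients"].add(client_addr)
    return dict(seen)

# Constructed sample lines; the prefix before "Client" is an assumption.
PREFIX = "Aug 28 10:00:01 asm1 info tmm[1234]: Rule /Common/log_conn <CLIENT_CLOSED>: "
SAMPLE = [
    PREFIX + "Client 10.1.1.5:51000 -> VIP: 192.0.2.10:80 -> Node: 192.0.2.10:80",
    PREFIX + "Client 10.1.1.6:51001 -> VIP: 192.0.2.10:80 -> Node: 192.0.2.10:80",
    PREFIX + "Client 10.1.1.5:51002 -> VIP: 192.0.2.20:443 -> Node: 192.0.2.20:443",
    PREFIX + "Client 10.1.1.7:40000 -> VIP: 192.0.2.30:22 -> Node: 192.0.2.30:22",
    "Aug 28 10:00:02 asm1 notice mcpd[999]: unrelated message",
    PREFIX + "Client 10.1.1.5:51003 -> VIP: 192.0.2.10:80 -> Node: 192.0.2.10:80",
]

if __name__ == "__main__":
    for (addr, port), info in sorted(inventory(SAMPLE).items()):
        print(f"{addr}:{port} connections={info['connections']} "
              f"clients={len(info['clients'])}")
```

Passing a wider `ports` set (for example adding 8080 or 8443) extends the inventory to other ports where web servers commonly listen.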