Forum Discussion

robert5156_7838
Oct 18, 2010

Big-IP configuration with Intrusion Detection device for ssl traffic

In our current infrastructure we have load balancing based on IP.

For https traffic the Virtual IP on Big-IP is load balancing based on IP. The individual members (servers) in the pool have separate certificates issued by VeriSign installed on them. Because of this setup we are unable to install a network-based IDS to monitor https traffic, as the SSL termination is being done on the actual individual servers.

I wanted to ask all you experts how to implement Big-IP with an intrusion detection system to monitor https traffic.

I was thinking that instead of SSL terminating on the actual servers, I wanted to get one certificate for the Virtual IP and terminate SSL on the Big-IP device. Then everything between the Big-IP and the server is in clear text, and hence we can plug in an IDS to monitor traffic for any web attacks.

Please let me know if there is a better way to design Big-IP with IDS/IPS security monitoring for https traffic.


Hi Robert,

Decrypting the SSL on LTM is a very common practice. LTM is generally going to be more efficient than the servers at this. And it simplifies the cert administration. And it allows you to easily use an IPS to inspect the decrypted HTTP off a single port. So I'd say it's a good solution that you've arrived at.

Aaron
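As an added illustration of the design Aaron confirms (not configuration posted by either participant), here is a minimal tmsh configuration for an SSL-offloading virtual server: the client-ssl profile holds the single VIP certificate, the pool members are plain HTTP on port 80, and the server-side VLAN is therefore the point where a network IDS/IPS tap sees cleartext HTTP. All object names, addresses and certificate file names are assumed placeholders; the cert/key/chain attribute form is the older tmsh syntax (newer BIG-IP releases express the same thing with a cert-key-chain stanza).

```tmsh
# Client-side SSL profile: the one VeriSign-issued certificate for the VIP.
# Assumed file names; the key and chain are imported into the BIG-IP store first.
ltm profile client-ssl clientssl_vip {
    defaults-from clientssl
    cert vip.example.com.crt
    key vip.example.com.key
    chain verisign_chain.crt
}

# Backend pool: members listen on plain HTTP, so nothing leaves the BIG-IP
# encrypted on the server side. Addresses are assumed placeholders.
ltm pool pool_web_http {
    monitor http
    members {
        10.0.0.11:80 { address 10.0.0.11 }
        10.0.0.12:80 { address 10.0.0.12 }
    }
}

# Virtual server: terminates TLS on 443 with the profile above and forwards
# decrypted HTTP to the pool. The http profile is required for L7 handling.
ltm virtual vs_https_offload {
    destination 203.0.113.10:443
    ip-protocol tcp
    profiles {
        tcp { }
        http { }
        clientssl_vip {
            context clientside
        }
    }
    pool pool_web_http
    source-address-translation {
        type automap
    }
}
```

With this in place the IDS is attached to a SPAN/mirror of the server-side VLAN (or inline between the BIG-IP and the pool), where it inspects one decrypted HTTP stream per connection instead of per-server TLS sessions it cannot read.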