Forum Discussion

robert5156_7838's avatar
Icon for Nimbostratus rankNimbostratus
Oct 18, 2010

Big-IP configuration with Intrusion Detection device for ssl traffic

Our currenct infrastructure we have load balancing based on IP.



For https traffic the Virtual IP on Big-IP is load balancing based on IP. The individual members (servers) in the pool have seperate certificates issued by verisign installed on them. Because of this setup we are unable to install a Network based IDS to monitor https traffic as the SSL termination is being done on the actual individual servers.



Wanted to ask you all experts how to implement Big-ip with an Intrusion detection systems to monitor https traffic.



I was thinking that instead of SSL terminating on the actual servers , wanted to get one certificate for the Virtual IP and terminate SSL on the Big-IP device. Then everything betweeen the Big-ip and the server is in clear text and hence can plug-in an IDS to monitor traffic for any web attacks.



Please let me know if there is a better way to design Big-IP with IDS/IPS security monitoring for https traffic.



Thank you in advance for your advice and time.








1 Reply

  • Hi Robert,



    Decrypting the SSL on LTM is a very common practice. LTM is generally going to be more efficient than the servers at this. And it simplifies the cert administration. And it allows you to easily use an IPS to inspect the decrypted HTTP off a single port. So I'd say it's a good solution that you've arrived at.