Forum Discussion

Nimbostratus

Oct 18, 2010

Big-IP configuration with Intrusion Detection device for ssl traffic

Our currenct infrastructure we have load balancing based on IP. For https traffic the Virtual IP on Big-IP is load balancing based on IP. The individual members (servers) in the pool have se...

config

design

hooleylist

Cirrostratus

Oct 18, 2010

Hi Robert,

Decrypting the SSL on LTM is a very common practice. LTM is generally going to be more efficient than the servers at this. And it simplifies the cert administration. And it allows you to easily use an IPS to inspect the decrypted HTTP off a single port. So I'd say it's a good solution that you've arrived at.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Big-IP configuration with Intrusion Detection device for ssl traffic

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

SSL Orchestrator Advanced Use Cases: Integrating F5 Intrusion Prevention System (IPS)

High Performance Intrusion Prevention

Detect and stop exfiltration attempts with F5 Distributed Cloud App Infrastructure Protection

Operationlizing Online Fraud Detection, Prevention, and Response

End-to-End Fraud and Risk Detection with F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS