'clone pool' for security functions

Question

Dear All,&nbsp;
There is a need to mirror traffic to a security appliance and there is a feature in F5 called ‘Clone Pool’ that we think we might be able to leverage.
For ingress traffic, it might be easy to configure an inbound VIP to have a clone pool that mirrors traffic to a security appliance, such as Palo Alto.
For egress traffic, I’m to understand that we can create a VIP for outbound that would perform this same mirror function.  I’m not clear exactly how to configure a VIP for both this inbound and outbound purpose.&nbsp;
Thanks and Regards,
Shakeeb&nbsp;

vitaliy_savrans · Accepted Answer

Hi,&nbsp;
Clone pools can be configured to copy client-side traffic, server-side traffic, or both. A client-side clone pool causes the virtual server to replicate client-side traffic (prior to address translation) to the clone pool member. A server-side clone pool causes the virtual server to replicate server-side traffic (after address translation) to the clone pool member.&nbsp;

Forum Discussion

'clone pool' for security functions

Recent Discussions

Irules Editor

What will be happen to live and existing connections when failover HA BIG IP active-standby

HTTPS Monitor Health - Receive String 200 OK Not Working

ADD LTM as a Server To GSLB Server in order to add Vs to GSLB Pool not work!!!

APM file and registry key date check 8 days old

Related Content

F5 Cloud-Native Functions For Secure DNS

F5 Cloud-Native Functions For Secure Ingress

F5 Cloud-Native Functions For Modern Demands - Part 2

F5 Cloud-Native Functions For Modern Demands - Part 1

F5 Security Podcasts

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS