Forum Discussion

Jnon
Mar 21, 2013

Creating loopback configuration

I have a need to create a configuration where the traffic comes in, passes through the internal network interface that is mirrored for inspection, then routes back out to an external site. Is this possible without having a proxy server on my internal network?

example:

VS mysite.com listening on the external interface, pass traffic through the internal interface, and route to site.mysite.com out the external interface.


6 Replies

  • "Is this possible without having a proxy server on my internal network?" Not sure if I understand correctly. You mean there is no server on the internal network, don't you? So, who does the inspection?
  • "It would simply be a Layer 7 firewall." Can the firewall inspect packets from a clone pool or interface mirroring?

    sol13392: Configuring the BIG-IP system to send traffic to an intrusion detection system (11.x)
    http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13392.html
  • Jnon
    The firewall can't. I am using mirroring for an IDS system currently, and additionally have an L7 firewall inline from the internal interface that is used for internal servers, but I have an additional need to route some traffic through the LTM for the sake of L7 inspection, then route it back out to a different site.
  • Not sure if it works, but what if we disable address translation and service (port) translation on the virtual server configuration and use the firewall as the pool? Then BIG-IP will send traffic to the firewall without changing the destination address and port (service). Then create another virtual server listening on the firewall VLAN to send traffic to the outside.
  • Jnon
    I'll see if I can create a proof-of-concept of this - thanks for all your help.
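The two-virtual-server design suggested two replies up, written out as an added BIG-IP LTM configuration example in bigip.conf/tmsh stanza form; it is not from the thread, from the poster, or from F5's documentation. Every name and address in it is an assumption: 203.0.113.10 is the public address for mysite.com, the L7 firewall is a one-armed L3 device at 10.0.1.10 on a BIG-IP VLAN called fw_vlan, 198.51.100.20 stands in for site.mysite.com, and the internet-facing VLAN is called external. Plain HTTP on port 80 is used so that the firewall can actually read the payload; for TLS the inspection point would first have to terminate the session, which the thread does not cover. The first virtual server hands client traffic to the firewall with address and port translation disabled, so the firewall sees the original destination. The second matches that same destination, but only on fw_vlan, and rewrites it to site.mysite.com's address; a plain IP-forwarding virtual server would not do here, because the packets the firewall hands back still carry BIG-IP's own virtual address as their destination, which BIG-IP would only route back to itself.

```tmsh
# Constructed example, not from the thread. All names and addresses are assumed.

# The inline L7 firewall is the only pool member. Port "any" (0) together with
# the disabled translation on the virtual server below means BIG-IP keeps the
# client's original destination IP:port and merely forwards the packets to the
# firewall's MAC address as the next hop.
ltm pool pool_l7_firewall {
    members {
        10.0.1.10:any {
            address 10.0.1.10
        }
    }
    monitor gateway_icmp
}

# Step 1: inbound virtual server, restricted to the external VLAN.
# translate-address and translate-port disabled: the firewall sees
# client -> 203.0.113.10:80 unchanged, with the real client source IP.
ltm virtual vs_mysite_inbound {
    destination 203.0.113.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool pool_l7_firewall
    profiles {
        fastL4 { }
    }
    translate-address disabled
    translate-port disabled
    vlans {
        external
    }
    vlans-enabled
}

# Target for the second hop: site.mysite.com (assumed 198.51.100.20).
ltm pool pool_site_mysite {
    members {
        198.51.100.20:80 {
            address 198.51.100.20
        }
    }
    monitor http
}

# Step 2: same destination as step 1, but only on fw_vlan, so it catches what
# the firewall routes back after inspection. Translation is left enabled, so
# the destination becomes 198.51.100.20:80 and the packet leaves via BIG-IP's
# default route on the external VLAN. SNAT automap makes site.mysite.com reply
# to BIG-IP instead of directly to the client, keeping the return path
# symmetric through both virtual servers.
ltm virtual vs_fw_to_site {
    destination 203.0.113.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool pool_site_mysite
    profiles {
        fastL4 { }
    }
    source-address-translation {
        type automap
    }
    vlans {
        fw_vlan
    }
    vlans-enabled
}
```

Two conditions have to hold for this to work: the firewall must route 203.0.113.10 (or its default route) to the BIG-IP self IP on fw_vlan, so that what it passes after inspection lands on fw_vlan and is picked up by vs_fw_to_site; and the two `vlans` lists must stay disjoint, since the per-VLAN scope is what lets two virtual servers share one destination without conflicting. Because the first hop preserves the client source address, the firewall's policy sees the real client, which is the point of the exercise; the cost is that anything the firewall blocks is simply dropped, and the passive clone-pool mirror to the IDS from sol13392 above is still only alerting, not enforcing.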