Forum Discussion
jkanm_258627
Altostratus
AltostratusF5 BIG-IP and Imperva Integration.
Hi, Design requirements: F5 LTM VE (13.x) takes traffic to VIP (sends to Imperva for inspection) Imperva sends back to LTM, LTM sends to SERVER. Traffic between F5/Imperva/Server must be SSL encrypted.
KEY design requirements/notes: 1) F5 must send to Imperva ENCRYPTED (Imperva will do the decrypt/encrypt). 2) LTM has BEST license (BUT only LTM is enabled)
Questions I have - can this be done on LTM only (not using SSL Orchastrator)? And will there be any issues keeping it ALL SSL between the 2 boxes?
Thanks for your feedback!
Chris_GrantEmployee
A lot depends on exactly what you want the BigIP and Imperva to do. If you just want to inspect the traffic with Imperva with no expectation that the traffic stream will be modified, I would suggest using clone pools. The BigIP will mirror all the traffic it receives up to the Imperva, including responses if desired, but will otherwise go about it's normal role. I would check this out for more information:
K13392: Configuring the BIG-IP system to send traffic to an intrusion detection system (11.x - 13.x)
If you want a more interactive conversation you might try this:
It might not play nice with end to end encryption, though.