F5 BigIP + TAP NetworkCritical + Fraud Detection
For the past few days I have been struggling with a weird problem.
We have been migrating some web servers from HAProxy to the BigIP LTM.
The migration is straightforward: BigIP does the SSL termination toward the client and uses the respective pool for the app servers.
We have a solution that needs to receive the same traffic (between the client and BigIP), and we are using a TAP device to SPAN all the traffic. That traffic is delivered to the TAP encrypted.
At the other end, the TAP delivers that traffic to a Fraud Detection solution that has the ability to decrypt the traffic and run some signatures.
The weird behaviour comes from the Fraud Detection solution: it does not say that it is unable to decrypt the traffic, but it does not process any traffic from the BigIP. If we switch back to the HAProxy web servers, everything works. Both BigIP and HAProxy are using the same public and private key. We have compared some tcpdumps and don't see any difference in the TLS protocol or cipher being negotiated.
Any idea whether BigIP changes something in the traffic?