F5 Client IP Address
I'm setting up F5 LTM and AWAF, and they are two separate boxes. I would like to know the following:
- Should the traffic be received by the LTM first or the AWAF? If the AWAF, then how will the AWAF inspect the HTTPS traffic, because it is encrypted?
- I don't want to buy SSL Orchestrator because I don't have a separate IPS; I would like the inspection of the traffic to be done by the AWAF itself. Is that correct?
- In my opinion the traffic should hit the LTM first, it should be SSL offloaded, and the clear-text traffic should be sent to the AWAF; please correct me. If this is the case, then the AWAF has to be positioned in layer 2 mode (bump in the wire). Is this mode available in F5? Please suggest whether this design approach is correct.
- I would like to preserve the client IP address, and I don't want to perform source NAT, nor do I want to change the default gateway of the servers from the firewall to the F5. Is there any way to preserve the client public IP address by any of the designs?
Please do not suggest that I involve the local country F5 system engineer to help me.