Forum Discussion
NimbostratusF5 Integration with Cisco Sourcefire NGIPS - Application of Enforcement iRule
This question is based upon the following validated design document:
https://devcentral.f5.com/articles/high-performance-intrusion-prevention
"The enforcement iRule is applied to the Application Virtual Servers. The internal table of IP addresses that is maintained by the BIG-IP is queried when a new connection request is initiated. If the initiator is on the blacklist the connection request is dropped. The iRule will also log to that the client attempted to access a protected Virtual Server..."
My question is this - I have a performance-layer 4 Virtual Server which facilitates traffic to/from a series of networks specific to the F5 (L3 Vlan routing interfaces are unique to the F5 for these networks). This is for direct network-to-server connections not handled by standard virtual servers. Based upon the design instruction provided above, is it feasible to create the clone pools and necessary iRules on this Virtual Server to audit traffic that is not handled by an application virtual server?
Thanks in advance.
Jeff
1 Reply
What_Lies_Bene1Cirrostratus
I don't see why not; the iRule presumably works at the IP layer so there shouldn't be any issue applying it to a FastL4 VS.
