PCI 3.0 Compliance with LTM

Question

Hi people,&nbsp;
I have a mission to deploy a F5 LTM/ASM (in a future GTM) in a PCI 3.0 environment and it kills me because we need to balance external connections and inter-vlan traffic, no problem with that in a simple environment, but PCI requests that every traffic on VLANs is checked by an IPS.&nbsp;
So, my insights until now:&nbsp;
From WAN: 
Internet -&gt; External (1 Route Domain/ASM/LTM) -&gt; NGFW (FW/IPS) -&gt; Internal partition (4 Route Domains/LTM) -&gt; Servers&nbsp;
Inter-Vlan:
VLAN1 Server -&gt; Internal partition (VLAN1 Route Domain) -&gt; NGFW -&gt; Internal partition (VLAN2 Route Domain) -&gt; VLAN2 Server&nbsp;
Please any one already face this situation? Any thoughts about this scenario? Any tip on how improve this? Should i change this deployment based on Partitions and Route Domains to work with isolated Guests?&nbsp;
Thanks for the help!&nbsp;

joshbecigneul · Answer

I'm not 100% certain, but it sounds like you are needing to setup a SSL Intercept architecture. The following guides may help you.&nbsp;
Configuring F5 for SSL Intercept&nbsp;
iApp: SSL Intercept&nbsp;

Forum Discussion

PCI 3.0 Compliance with LTM

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Illegal Metacharacter in Parameter Name in Json Data

Cisco TACACS+ Config on ISE LTM Pair

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Related Content

Decoding PCI-DSS v4.0: F5's Ridiculously Easy Guide to Technical Compliance

BIG-IP security hardening and compliance checks

Lightboard Lessons: PCI/DSS compliance with BIG-IP

Meeting the Federal Quantum Challenge: How F5 Enables Compliance with New Government Mandates

Making WAF Simple: Introducing the OWASP Compliance Dashboard

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS