Forum Discussion
pimp_94745
Nimbostratus
Nov 12, 2009
SSL decryption to IDS
Hi All,
We have a need to inspect SSL-encrypted traffic using an IDS. The one we have doesn't support SSL decryption.
What we are looking at doing is the following:
1. Routing all required traffic to our F5
2. Hanging our IDS off the side of the F5
3. The F5 will terminate the SSL connection, then forward it to the IDS.
4. IDS will inspect and the traffic will go back to the F5
5. The F5 will re-encrypt the traffic (if possible) and send it to the destination in a load-balanced way.
I'm quite green when it comes to F5 administration. Is it possible to actually do this, and any pointers as to how would be really appreciated!!!
Many thanks
Al Edgar CEH
IT Security Specialist
Paymark Ltd
6 Replies
- hoolio
Cirrostratus
Hi Al,
- PJG_71968
Nimbostratus
Hi There..
- hoolio
Cirrostratus
Hi Phil,
- Snowman_108161
Nimbostratus
So any update on this? I'm looking to do the exact same thing for a DLP sensor for our OWA and ActiveSync virtual servers.
- Brent_10074
Nimbostratus
This is possible. I just did a similar thing at a customer site not so long ago. You'll need two route domains, one externally facing and one internally facing. The external route domain has a VS with the client-ssl profile to decrypt the packet. This virtual server is tied to a pool with a member that is the IP address of a second VS that exists on the internal route domain. The VS on the internal side has no client-ssl profile, but has a server-ssl profile (if you want to re-encrypt) and is tied to a pool of the resource that you'd actually like to hit.
- I wrote this solution up and released as a tech tip:
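A tmsh rendering of the two-route-domain layout described in the reply above, added here as an example; it is not configuration from this thread, from the tech tip, or from F5. Every object name, VLAN, IP address, route-domain id and the certificate/key pair (site.crt/site.key) are assumed placeholders. The design also assumes that the two IDS-facing VLANs (ids_out in route domain 1, ids_in in route domain 2) are joined only by the segment the IDS monitors, inline or via a tap, so the cleartext hop between the two virtual servers has to leave the box and pass the sensor rather than being short-circuited internally.

```tmsh
# Assumed placeholders throughout: VLAN names, addresses, cert/key, route-domain ids.
# Route domain 1 = externally facing (terminates TLS); route domain 2 = internally facing (re-encrypts).
create net route-domain rd_external id 1 vlans add { external ids_out }
create net route-domain rd_internal id 2 vlans add { internal ids_in }

# One self IP per route domain on the IDS-monitored segment.
# ids_out and ids_in are assumed to be bridged only through the IDS sensor.
create net self self_ids_out address 10.20.0.1%1/24 vlan ids_out
create net self self_ids_in address 10.20.0.2%2/24 vlan ids_in

# External VS: decrypts with the site certificate and sends cleartext HTTP to the
# internal VS address as seen from route domain 1 (10.20.0.10%1).
create ltm profile client-ssl clientssl_ids defaults-from clientssl cert site.crt key site.key
create ltm pool pool_to_internal_vs members add { 10.20.0.10%1:80 }
create ltm virtual vs_external destination 198.51.100.10%1:443 ip-protocol tcp profiles add { tcp http clientssl_ids } pool pool_to_internal_vs snat automap vlans-enabled vlans add { external }

# Internal VS: the same address but in route domain 2, listening on ids_in, so the
# packet must cross the monitored wire to reach it. No client-ssl profile here; the
# server-ssl profile re-encrypts toward the real application pool.
create ltm profile server-ssl serverssl_ids defaults-from serverssl
create ltm pool pool_app members add { 10.30.0.11%2:443 10.30.0.12%2:443 }
create ltm virtual vs_internal destination 10.20.0.10%2:80 ip-protocol tcp profiles add { tcp http serverssl_ids } pool pool_app snat automap vlans-enabled vlans add { ids_in }

save sys config
```

The ids_out/ids_in segment carries the decrypted sessions, so it should be a dedicated link between the BIG-IP and the sensor with nothing else attached. To confirm the hop is really visible, run `tcpdump -ni ids_out port 80` on the BIG-IP while a client connects to the external VS; HTTP should appear in cleartext there, and `show ltm virtual vs_internal` should show the connection count rising on the inner virtual server.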