Forum Discussion

Jason_19901

Nimbostratus

Mar 24, 2011

SSL offload to IPS

New to the forum. I am decrypting SSL traffic on the F5 and would like an iRule to send the unencrypted data to an IPS before it gets encrypted again on its way to the node. Is this possible?

Nimbostratus

Aug 16, 2013

The problem with clone pools is that they require the IPS to actually be targeted in some way with an IP and MAC address. Many inline IPS deployments are completely transparent and there's nothing to target at L2/3. You're doing SSL offload to a ghost. This leads to the config mentioned by Steve which I have had the unfornuate experience of dealing with at length. It works but is a very complex setup. RD's are required b/c you'r processing the same traffic 2x targeting the same L2/L3 address space.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL offload to IPS

Recent Discussions

how to whitelist new source IP on F5 web UI access

F5 to read a combined CRL file

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

AMQPs SSL offloading

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy

Check a Virtual Server's SSL Status

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

SSL-Offloading issue

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS