Forum Discussion

lamb's avatar
Icon for Nimbostratus rankNimbostratus
Mar 28, 2024

SSLO Limited with AWAF License


 i m configuring a BIG IP  ( existing application SSLO topology) with limited licenses (which allows only one security tool) on the BIG IP rseries box which contains AWAF license, the security tool which will be connecting on the Big IP box is an cisco IPS,  and cisco recommends if you want to block threats it has to be used with 2 interfaces (In and Out) , if i m not wrong on Big IP also i have to use 2  interfaces but i would like to understand the below points


  • i would like to know the configuration to route the packets to security tools ( IPS) in interface mac address and to receive traffic from the IPS out interface, i have been through the below documents but not clear anybody can route me to the configuration example which will be easy to understand
  • Currently the AWAF is doing the SSL offloading if i introduce the sslo feature in the same Big IP appliance how the flow will be.
    • who will be decrypting the traffic sslo service or the awaf ssl client profile 
    • internet ---Big ip sslo-service --security tools--awaf--Big ip sslo-service--web server
  • please explain the traffic flow

3 Replies

  • I think you will be using route-domain

    and then packet forward to IPS,WAF(make security zone using route-domain) device, after inspection, f5 device will receive the traffic and then packet forwarding to down device

  • lamb's avatar
    Icon for Nimbostratus rankNimbostratus


    when i can use a sslo limited license i think i dont have to use the route domain, currently i m using route domain and i want to move from that.