Forum Discussion
SSLO Limited with AWAF License
Dears
I'm configuring a BIG-IP (existing application SSLO topology) with limited licenses (which allow only one security tool) on the BIG-IP rSeries box, which contains an AWAF license. The security tool that will be connected to the BIG-IP box is a Cisco IPS, and Cisco recommends that if you want to block threats it has to be used with 2 interfaces (In and Out). If I'm not wrong, on BIG-IP I also have to use 2 interfaces, but I would like to understand the points below:
- I would like to know the configuration to route the packets to the security tool (IPS) In interface MAC address and to receive traffic from the IPS Out interface. I have been through the below documents but they are not clear. Can anybody route me to a configuration example which will be easy to understand?
- Currently the AWAF is doing the SSL offloading. If I introduce the SSLO feature on the same BIG-IP appliance, how will the flow be?
- Who will be decrypting the traffic: the SSLO service or the AWAF SSL client profile?
- internet ---Big ip sslo-service --security tools--awaf--Big ip sslo-service--web server
- Please explain the traffic flow.
I think you will be using a route domain, and then packet forwarding to the IPS/WAF device (make a security zone using the route domain). After inspection, the F5 device will receive the traffic and then forward the packets to the down device.
- lamb
Nimbostratus
Hello,
When I can use an SSLO limited license, I think I don't have to use the route domain. Currently I'm using a route domain and I want to move away from that.
Thanks
- Lucas_Thompson
Employee
This limited mode topic is covered in the SSL Orchestrator (SSLO) deployment guide here:
https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter4/page4.18.html
Other than the single service and no policy, the services are set up as detailed in that deployment guide.