lamb
Mar 28, 2024Nimbostratus
SSLO Limited with AWAF License
Dears
i m configuring a BIG IP ( existing application SSLO topology) with limited licenses (which allows only one security tool) on the BIG IP rseries box which contains AWAF license, the security tool which will be connecting on the Big IP box is an cisco IPS, and cisco recommends if you want to block threats it has to be used with 2 interfaces (In and Out) , if i m not wrong on Big IP also i have to use 2 interfaces but i would like to understand the below points
- i would like to know the configuration to route the packets to security tools ( IPS) in interface mac address and to receive traffic from the IPS out interface, i have been through the below documents but not clear anybody can route me to the configuration example which will be easy to understand
- Currently the AWAF is doing the SSL offloading if i introduce the sslo feature in the same Big IP appliance how the flow will be.
- who will be decrypting the traffic sslo service or the awaf ssl client profile
- internet ---Big ip sslo-service --security tools--awaf--Big ip sslo-service--web server
- please explain the traffic flow