Divert Unencrypted Traffic through an IPS with Local Traffic Manager

The Challenge A customer had a request of fellow St Louisan and F5er Brent Imhoff. They wanted the BIG-IP to decrypt traffic, send it through an in-line pass through  IPS, receive the traffic back...
Published Jul 12, 2012
Version 1.0
news
tech tip
sudonix_88648's avatar
sudonix_88648
Icon for Nimbostratus rankNimbostratus
Jul 12, 2018

This puts the IPS inline so it would be fully capable of blocking. The use of the route domain allows a single device to achieve similar functionality to the sandwich method. I suppose vCMP could also be used to achieve a similar result if you had large enough hardware to support it.

 

I'm having a hard time wrapping my head around how you would scale the IPS in this model. If, for instance, I had a pair of F5s and multiple IPS appliances. How would I support that?