Incident Remediation with Cisco Firepower and F5 SSL Orchestrator

SSL Orchestrator Configuration steps This guide assumes you have a working SSL Orchestrator Topology, either Incoming or Outgoing, and you want to add a Cisco Firepower TAP Service. Both Topology ty...
Published Aug 18, 2020
Version 1.0
BIG-IP
cisco
firepower
integration
iRules
remediation
security
sslo
KevinGallaugher's avatar
Icon for Employee rankEmployee
Technical Marketing Engineer for SSL Orchestrator. I have over 25 years experience in Cybersecurity, with over 15 years spent as a Technical Marketing Engineer. Prior to F5 I worked at Blue Coat, Gigamon and Fortinet.
View Profile
KevinGallaugher's avatar
Icon for Employee rankEmployee
Technical Marketing Engineer for SSL Orchestrator. I have over 25 years experience in Cybersecurity, with over 15 years spent as a Technical Marketing Engineer. Prior to F5 I worked at Blue Coat, Gigamon and Fortinet.
View Profile
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Aug 27, 2020

Hi,

 Probably I could but let's assume setup like that:

  1. Single L2 Outbound Topology protecting internal users access to Internet - so any internal source IP/VLAN should be intercepted
  2. Additional protection using described setup should be used for the same traffic

In this case there is no clear differentiation that can be used in configuration of FTD-Protect VS in compare to topology ingress VS. So question is if adding FTD-Protect iRule to topology ingress VS (and not creating FTD-Protect VS at all) could cause any issues or this is a way to go. At first look I can't see any issues but maybe I am wrong?

Piotr