Lightboard Lessons: IPS Passthrough

You’ve seen our Whiteboard Wednesday videos, but we are kicking it up a notch with our new “Lightboard Lessons” video series. In this video, Jason details a solution for an IPS passthrough that preserves client-to-server encryption everywhere except the handoff to the inline IPS, which requires the traffic to be in the clear. It’s a great solution that solves a unique problem, and it does so without the use of iRules! Instead, it relies on route domains and a VLAN group to do the heavy lifting.

In addition to the video, you can read about the specifics of the solution here.

Published Oct 21, 2015
Version 1.0
  • Hi,

    Great lesson, but I am puzzled by one thing. Why is the inside VLAN Group needed? Is that only necessary when the VS IP on IN-L2 is in the same subnet as the PM IPs on the IN VLAN? As far as I understand, if the PMs are in a different subnet than the VS IP, the VLAN Group should not be required, or am I wrong here?

    Piotr

  • Hi Piotr, Yes, if the inside pool members were on a different subnet, you could just have a VIP (still on a different route domain than the outside, though) on the IPS inside VLAN to provide the ARP.

  • Hi,

    Thanks a lot for the confirmation. Everything is clear now :-)

    Piotr