Lightboard Lessons: IPS Passthrough
You’ve seen our Whiteboard Wednesday videos, but we are kicking it up a notch with our new “Lightboard Lessons” video series. In this video, Jason details a solution for an IPS passthrough that preserves client-to-server encryption everywhere except the handoff to the inline IPS, which requires the traffic to be in the clear. It’s a great solution that solves a unique problem and does it without the use of iRules! Instead, it relies on route domains and a VLAN group to do the heavy lifting.
In addition to the video, you can read about the specifics of the solution here.
- dragonflymr
Great lesson, but I am puzzled by one thing. Why is the inside VLAN Group needed? Is that only necessary when the VS IP on IN-L2 is in the same subnet as the PM IPs on the IN VLAN? As far as I understand, if the PMs are in a different subnet than the VS IP, the VLAN Group should not be required - or am I wrong here?
- JRahm
Hi Piotr, yes, if the inside pool members were on a different subnet you could just have a VIP (still on a different route domain than outside, though) on the IPS inside VLAN to provide the ARP.
- dragonflymr
Thanks a lot for the confirmation. Everything is clear now :-)