Lightboard Lessons: IPS Passthrough
You’ve seen our Whiteboard Wednesday videos, but we are kicking it up a notch with our new “Lightboard Lessons” video series. In this video, Jason details a solution for an IPS passthrough, preserving the client to server encryption everywhere except the handoff to the inline IPS, which requires the traffic to be in the clear. It’s a great solution that solves a unique problem and does it without the use of iRules! Instead, it relies on route domains and a vlan group to do the heavy lifting.
In addition to the video, you can read about the specifics of the solution here.
Published Oct 21, 2015
Version 1.0
JRahm
Admin
AdminJRahmAdmin
Admin
dragonflymrCirrostratus
Hi,
Great lesson but I am puzzled by one thing. Why inside VLAN Group is needed? Is that only necessary when VS IP on IN-L2 is in the same subnet as PM IPs on IN VLAN? As far as I understand if PMs are in different subnet than VS IP VLAN Group should not be required - or I Am wrong here?
Piotr
- JRahm
Hi Piotr, Yes, if inside pool members were on different subnet you could just have a vip (still on differnet route domain than outside though) on the IPS inside vlan to provide the arp.
- dragonflymr
Hi,
Thanks a lot for confirmation. Everything clear now :-)
Piotr
