Technical Articles
F5 SMEs share good practice.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
JRahm
Community Manager
Community Manager

You’ve seen our Whiteboard Wednesday videos, but we are kicking it up a notch with our new “Lightboard Lessons” video series. In this video, Jason details a solution for an IPS passthrough, preserving the client to server encryption everywhere except the handoff to the inline IPS, which requires the traffic to be in the clear. It’s a great solution that solves a unique problem and does it without the use of iRules! Instead, it relies on route domains and a vlan group to do the heavy lifting.

In addition to the video, you can read about the specifics of the solution here.

Comments
dragonflymr
Cirrostratus
Cirrostratus

Hi,

 

Great lesson but I am puzzled by one thing. Why inside VLAN Group is needed? Is that only necessary when VS IP on IN-L2 is in the same subnet as PM IPs on IN VLAN? As far as I understand if PMs are in different subnet than VS IP VLAN Group should not be required - or I Am wrong here?

 

Piotr

 

JRahm
Community Manager
Community Manager

Hi Piotr, Yes, if inside pool members were on different subnet you could just have a vip (still on differnet route domain than outside though) on the IPS inside vlan to provide the arp.

 

dragonflymr
Cirrostratus
Cirrostratus

Hi,

 

Thanks a lot for confirmation. Everything clear now 🙂

 

Piotr

 

Version history
Last update:
‎21-Oct-2015 03:47
Updated by:
Contributors