ips
5 Topics

SSL decryption for IPS on REVERSE proxy
Hi, We have been trying to get our IPS solution installed so that the Big-IP decrypts, sends to IPS, then re-encrypts before sending the packet on to its destination. It is on a Big-IP Reverse Proxy. All of the deployment guides only address Proxy SSL (FORWARD proxying). I understand that the differences between Reverse and Forward are significant enough that the deployment guides for Forward will not work. The problem is that the site becomes very slow once we enable the decryption/redirection. We also see some SSL traffic on the private VLANs between the IPS and the Big-IP. This should never happen if the iRule is working properly.

The flow from the Internet is: Internet > Firewall > F5 1 > load balanced IPS > F5 1 > destination

Here is the iRule we are using:

```tcl
when CLIENT_ACCEPTED {
    # perform operation on percentage of traffic
    set percent [class lookup percent vip_presets]
    if { rand() < $percent } {
        SSL::disable serverside
        log local0. "SSL disabled serverside and random selected"
        # get the name of the default pool and store in a variable
        set app_pool [LB::server pool]
        log local0. "app_pool set to $app_pool"
        # check for active members of the security device pool
        if { [active_members IPS_Pool] > 0 } {
            # get load balanced L3 service
            pool IPS_Pool
            set L3 [lindex [split [LB::select]] 3]
            log local0. "HTTPS IPS sensor selected is $L3"
            # use snat none if snat is enabled in VS config but needs to be
            # disabled for routing through security devices
            snat none
        } else {
            # inline service failed - go direct to app pool
            log local0. "L3 IPS service down"
            SSL::enable serverside
            log local0. "ssl enabled serverside"
            # snat as required
            snat automap
        }
        # re-select the app pool
        pool $app_pool
        log local0. "HTTPS pool is $app_pool"
    } else {
        log local0. "HTTPS not redirected"
    }
}

when LB_SELECTED {
    if { [info exists L3] } {
        # nexthop through L3 service
        LB::reselect nexthop ${L3}
        log local0. "routing through IPS - HTTPS LB reselected $L3"
    }
}
```

Any ideas, suggestions, or things to try are greatly appreciated!
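For the reverse-proxy SSL decryption question above (the post with the iRule), here is an added check that is not part of the original thread: a small Python script that classifies the first payload bytes of each TCP flow seen on the private VLAN between the BIG-IP and the IPS as cleartext HTTP (what SSL::disable serverside should produce) or as a TLS record, and for a leaked TLS ClientHello pulls out the SNI so the leaking hostname can be matched against the virtual server. The addresses and payloads below are constructed samples; in practice the payloads would come from a tcpdump capture on that VLAN.

```python
"""Classify leading TCP payload bytes from the BIG-IP <-> IPS VLAN as TLS or cleartext HTTP.

Added example, not from the original thread. Flows, addresses and payloads are constructed.
"""
import struct

TLS_CONTENT_TYPES = {20, 21, 22, 23}      # change_cipher_spec, alert, handshake, application_data
HTTP_PREFIXES = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                 b"OPTIONS ", b"PATCH ", b"HTTP/1.")


def classify_payload(payload: bytes) -> str:
    """Return 'tls', 'http' or 'other' for the leading bytes of a TCP stream."""
    if (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4):
        # TLS record header: content type, version 0x03 0x00..0x04, 16-bit length
        if struct.unpack("!H", payload[3:5])[0] <= 16384 + 2048:
            return "tls"
    if payload.startswith(HTTP_PREFIXES):
        return "http"
    return "other"


def client_hello_sni(payload: bytes):
    """Return the SNI host_name from a TLS ClientHello record, or None if absent."""
    if classify_payload(payload) != "tls" or payload[0] != 22 or len(payload) < 43:
        return None
    body = payload[5:]
    if body[0] != 1:                      # handshake type 1 = ClientHello
        return None
    p = 4 + 2 + 32                        # handshake header, client_version, random
    sid_len = body[p]
    p += 1 + sid_len                      # session_id
    cs_len = struct.unpack("!H", body[p:p + 2])[0]
    p += 2 + cs_len                       # cipher_suites
    comp_len = body[p]
    p += 1 + comp_len                     # compression_methods
    if p + 2 > len(body):
        return None
    ext_total = struct.unpack("!H", body[p:p + 2])[0]
    p += 2
    end = min(p + ext_total, len(body))
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[p:p + 4])
        p += 4
        if ext_type == 0 and ext_len >= 5:  # server_name extension
            # server_name_list length(2), name_type(1) = host_name, name length(2), name
            name_len = struct.unpack("!H", body[p + 3:p + 5])[0]
            return body[p + 5:p + 5 + name_len].decode("ascii", "replace")
        p += ext_len
    return None


def build_client_hello(sni: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello carrying an SNI extension (sample data only)."""
    host = sni.encode()
    sni_ext = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", 0, len(sni_ext)) + sni_ext
    hello = (b"\x03\x03" + b"\x00" * 32 + b"\x00"          # version, random, empty session id
             + struct.pack("!H", 2) + b"\xc0\x2f"            # one cipher suite
             + b"\x01\x00"                                   # one compression method: null
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def find_leaked_tls(flows):
    """flows: iterable of (src, dst, first_payload). Return (src, dst, sni) for flows still TLS."""
    leaks = []
    for src, dst, payload in flows:
        if classify_payload(payload) == "tls":
            leaks.append((src, dst, client_hello_sni(payload)))
    return leaks


# Constructed sample flows as they might appear on the BIG-IP <-> IPS VLAN (made-up addresses):
# one cleartext request, one ClientHello that should not be there, one non-HTTP payload.
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.20.1.10", b"GET /login HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.10.1.5", "10.20.1.10", build_client_hello("www.example.com")),
    ("10.10.1.6", "10.20.1.10", b"\x00\x01garbage"),
]

if __name__ == "__main__":
    for src, dst, sni in find_leaked_tls(SAMPLE_FLOWS):
        print(f"TLS still present {src} -> {dst} (SNI={sni}); that flow did not take the SSL::disable serverside path")
```

A flow reported here with an SNI that belongs to the virtual server carrying the iRule is one that reached the IPS VLAN without serverside SSL being disabled; comparing its source port and timing with the "SSL disabled serverside" and "HTTPS not redirected" log lines the iRule writes shows which branch it took.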
SSLO routing error

Hi guys, Whenever I try to run the SSLO with the services I always get the request back from my servers, but if I add the services in the service chain it's not pushing through. The devices are reachable with the corresponding interfaces, but I really can't seem to route and inspect the traffic from the services. Any ideas on how to fix this? Are there particular configurations that should be made first with my IPS to route the incoming traffic to the outgoing interface? I'm really lost on this one.

Is it possible to set multiple IPs in the Source IP Address of the advanced ASM Event log search?
Hi, I want to exclude a couple of IPs from the event logs I am looking at. I can set the drop-down to 'is not' for the Source IP field and enter one IP address, removing this one IP from the event logs I am searching. Is there an operator or something similar that I can use to separate multiple IPs to remove more than one IP from the event logs? Thank You.

Kind Regards
Chris

Provide internet access for servers behind the LTM configured with 2 different route domains (Outside/Inside)
Hello everybody, Would you please help me provide internet access for one of my servers behind the LTM. I know how to do it without route domains, but because of the IPS Passthrough design I configured two different route domains. Traffic from outbound (route domain outside) to inbound (route domain inside) is working fine, but from inside to outside is not working. Any ideas appreciated.