Lightboard Lessons: IPS Passthrough

You’ve seen our Whiteboard Wednesday videos, but we are kicking it up a notch with our new “Lightboard Lessons” video series. In this video, Jason details a solution for an IPS passthrough that preserves client-to-server encryption everywhere except the handoff to the inline IPS, which requires the traffic to be in the clear. It’s a great solution that solves a unique problem and does it without the use of iRules! Instead, it relies on route domains and a VLAN group to do the heavy lifting.

In addition to the video, you can read about the specifics of the solution here.

Published Oct 21, 2015
Version 1.0

3 Comments

  • Hi,

    Great lesson, but I am puzzled by one thing. Why is the inside VLAN group needed? Is that only necessary when the VS IP on IN-L2 is in the same subnet as the PM IPs on the IN VLAN? As far as I understand, if the PMs are in a different subnet than the VS IP, the VLAN group should not be required, or am I wrong here?

    Piotr

  • Hi Piotr, yes, if the inside pool members were on a different subnet you could just have a vip (still on a different route domain than outside though) on the IPS inside VLAN to provide the ARP.

  • Hi,

    Thanks a lot for confirmation. Everything clear now :-)

    Piotr