Forum Discussion

sushil_89154
Feb 17, 2009

Help required for product selection!

Hi all, I am new to BIG-IP products.

I am looking for a solution in F5, but I am not able to find out the right product which can match my requirements.

Here's my requirement.

I need the HTTPS connections to be terminated on the F5 product. After decrypting the SSL traffic, it should be scanned by the web application firewall to check for malicious code. After the firewall inspection, the packet needs to be re-encrypted and sent to the internal server.

Can the F5 ASM module match these requirements of application firewall and SSL offloading and re-encryption?

Regards

Sushil

3 Replies

  • Hi Sushil,

    The ASM standalone supports SSL decryption and re-encryption, but not load balancing. For load balancing, you'd need to get a 3600, 6400, 8400 or higher. You can check the f5.com site for sales contacts to get in touch with an F5 salesperson or partner.

    Aaron
  • Hi mate, thanks a lot for your reply.

    I checked the website on f5.com, but there is a little confusion I am facing here.

    Like you said, the ASM module as a standalone appliance supports SSL offloading, but in the configuration of ASM I couldn't find anything about SSL in there.

    From the hardware point of view, I guess the 3600 is a valid ASM standalone appliance, but even for LTM it shows 3600. I am really confused.

    Can you please help me out?

    Regards

    Sushil
  • Hi Sushil,

    Sorry, I left out the 4100 platform. That was the original ASM standalone platform. It is the only platform you can run the current ASM maintenance release (9.3.1) on:

    https://support.f5.com/kb/en-us/products/big-ip_asm/releasenotes/product/relnotes9_3_1_asm.htmlplatformsupport

    This release supports the following platforms:

    * BIG-IP 4100 (D46)
    * BIG-IP 6400 (D63)
    * BIG-IP 6800 (D68)

    You can run the standalone version of the Application Security Manager only on the 4100 platform (D46).

    9.4.6 (the current feature release for ASM) supports some additional higher end platforms. It also allows you to run the ASM standalone license on the 3600 platform:

    https://support.f5.com/kb/en-us/products/big-ip_asm/releasenotes/product/relnotes9_4_6_asm.htmlplatformsupport

    Supported platforms

    This release supports the following platforms:

    * BIG-IP 3600 (C103)
    * BIG-IP 4100 (D46)
    * BIG-IP 6400 (D63)
    * BIG-IP 6800 (D68)
    * BIG-IP 6900 (D104)
    * BIG-IP 8400 (D84)
    * BIG-IP 8800 (D88)

    Note: You can run the standalone version of the Application Security Manager only on the 4100 platform (D46) and the 3600 (C103) platform.

    Any ASM license (and any platform that ASM runs on) should support client and server side SSL assuming it is licensed.

    I would think for most scenarios it's worth the additional cost of the full LTM and ASM license (not the standalone ASM license) so you can use the additional features like load balancing.

    You could try contacting an F5 salesperson through the F5 site (Click here) to talk with someone about the various licensing/platform options.

    Aaron