Jeff_02_137093
Jan 27, 2015

F5 Integration with Cisco Sourcefire NGIPS - Application of Enforcement iRule

This question is based upon the following validated design document:

https://devcentral.f5.com/articles/high-performance-intrusion-prevention

"The enforcement iRule is applied to the Application Virtual Servers. The internal table of IP addresses that is maintained by the BIG-IP is queried when a new connection request is initiated. If the initiator is on the blacklist the connection request is dropped. The iRule will also log to that the client attempted to access a protected Virtual Server..."

My question is this - I have a performance-layer 4 Virtual Server which facilitates traffic to/from a series of networks specific to the F5 (L3 VLAN routing interfaces are unique to the F5 for these networks). This is for direct network-to-server connections not handled by standard virtual servers. Based upon the design instruction provided above, is it feasible to create the clone pools and necessary iRules on this Virtual Server to audit traffic that is not handled by an application virtual server?

Thanks in advance.

Jeff
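
For reference, the enforcement behaviour the quoted passage describes (query the table on a new connection, drop and log if the initiator is listed) can be sketched as the iRule below. This is an added example, not part of the original post and not the iRule from the F5 design document; the subtable name `blacklist` and the log wording are assumptions.

```tcl
# Added example: sketch of an enforcement iRule matching the quoted description.
# Assumption: blocked sources are stored in a session-table subtable named
# "blacklist" (hypothetical name), keyed by the client IP address.
when CLIENT_ACCEPTED {
    set client_ip [IP::client_addr]

    # "table lookup" returns an empty string when the key is absent or has
    # expired. -notouch stops the lookup from resetting the entry's idle
    # timeout, so the entry still expires on the schedule set when it was added.
    set entry [table lookup -notouch -subtable "blacklist" $client_ip]

    if { $entry ne "" } {
        # Record which protected virtual server the blocked client tried to reach.
        log local0. "Blacklisted client $client_ip attempted to access [virtual name]"

        # Silently discard the connection request; no reset is sent to the client.
        drop
        return
    }
}
```

The rule uses only the `CLIENT_ACCEPTED` event and connection-level commands, with no HTTP or other layer 7 events.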