there is no inspection on my firewall. the firewall even do not contain the Certificate to be ablt to decrypt the traffic for inspection.
here is the related confguration:
ltm node /Common/10.0.35.55 {
address 10.0.35.55
}
ltm node /Common/10.0.35.56 {
address 10.0.35.56
}
ltm node /Common/10.0.35.57 {
address 10.0.35.57
}
ltm pool /Common/IB-APP.app/IB-APP_pool {
app-service /Common/IB-APP.app/IB-APP
members {
/Common/10.0.35.55:http {
address 10.0.35.55
}
/Common/10.0.35.56:http {
address 10.0.35.56
}
/Common/10.0.35.57:http {
address 10.0.35.57
}
}
monitor /Common/tcp
slow-ramp-time 300
}
ltm rule /Common/IB-APP.app/IB-APP_irule {
app-service /Common/IB-APP.app/IB-APP
when HTTP_REQUEST {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
when HTTP_RESPONSE {
foreach cookie [HTTP::cookie names]
{
HTTP::cookie secure $cookie enable
}
}
}
ltm rule /Common/IB-HTTPs-Rule {
Notify the backend servers that this traffic was SSL offloaded by the F5.
when HTTP_REQUEST {
HTTP::header insert "X-Forwarded-Proto" "https";
}
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
HTTP::cookie secure $mycookie enable
}
}
}
ltm rule /Common/IB-OTP.app/IB-OTP_irule {
app-service /Common/IB-OTP.app/IB-OTP
when HTTP_REQUEST {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
}
ltm virtual /Common/IB-APP.app/IB-APP_http {
app-service /Common/IB-APP.app/IB-APP
destination /Common/10.0.35.28:http
ip-protocol tcp
mask 255.255.255.255
persist {
/Common/IB-APP.app/IB-APP_cookie_persistence_profile {
default yes
}
}
profiles {
/Common/IB-APP.app/IB-APP_caching_profile { }
/Common/IB-APP.app/IB-APP_http_profile { }
/Common/IB-APP.app/IB-APP_lan-optimized_tcp_profile {
context serverside
}
/Common/IB-APP.app/IB-APP_wan-optimized-compression_profile { }
/Common/IB-APP.app/IB-APP_wan-optimized_tcp_profile {
context clientside
}
}
rules {
/Common/IB-APP.app/IB-APP_irule
}
vlans-disabled
}
ltm virtual /Common/IB-APP.app/IB-APP_https {
app-service /Common/IB-APP.app/IB-APP
destination /Common/10.0.35.28:https
ip-protocol tcp
mask 255.255.255.255
persist {
/Common/IB-APP.app/IB-APP_cookie_persistence_profile {
default yes
}
}
pool /Common/IB-APP.app/IB-APP_pool
profiles {
/Common/IB-APP.app/IB-APP_clientssl {
context clientside
}
/Common/IB-APP.app/IB-APP_http_profile { }
/Common/IB-APP.app/IB-APP_lan-optimized_tcp_profile {
context serverside
}
/Common/IB-APP.app/IB-APP_oneconnect { }
/Common/IB-APP.app/IB-APP_wan-optimized_tcp_profile {
context clientside
}
}
snat automap
vlans-disabled