F5 HA Pair in front of DMZ IDS/IPS/Firewall Appliance
I have seen a few topics on this, but I may have missed the solution. We are trying to deploy a Best Bundle VE HA pair in front of our Core IPS/Firewall appliance, which is also clustered within Azure. I have only worked with the F5 in the capacity of it acting as a reverse proxy. It is being deployed in this fashion to view decrypted traffic between Web/DMZ and the other internal enclaves and to also limit the number of public IP connections in the cloud.
We would want the F5 pair to route directly to the web/DMZ, but for traffic coming back up (initiated from LAN) from the firewall appliance, to route outbound directly to the internet, while also utilizing the AFM. What key pieces are required to make outbound traffic work with respect to LAN-initiated traffic destined to the internet? We know the firewall will have a default route to the LTM. But we are unsure if that's a virtual server, or the self IPs, etc. Any help would be appreciated.