Any F5 Pros around here?

Netstudent (Member, Posts: 1,693)
F5 pros are far and in between. Here is my dilemma:

I have a problem in that we are trying to implement the Cisco WAAS appliance in the data center and branch sites. The WAAS does not support DRE for encrypted traffic. I also have 12 MPLS sites that do not necessarily need SSL tunnels to the web app since MPLS is private anyways.

For posture assessment reasons we have chosen to use the FirePass device as an entry point for our webservers. So that's why we are using the FirePass to deliver apps to MPLS sites instead of having those users HTTP straight into the webserver.

Now to my question:
Is there a way that I can use session variables based on source IP address and have the traffic that meets the condition be split-tunneled to the webserver in the DMZ? I basically want to use the FirePass, but have an unencrypted connection to my webserver. Only for MPLS sites though. From the FirePass front end, I still need an unencrypted portal to the web app.

Also note that the FirePass does not have an interface in the DMZ. Traffic hits the FirePass, then gets routed back out to the outside, and from the outside, it goes through the firewall and offloads SSL to the LTM.

I need a doc or someone to help me out. I might have to get F5 support on this one.

Thanks in advance.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!