Forum Discussion
5 Replies
- nitassEmployee
Is it a normal SSL offload configuration?
e.g.
```
[root@ve11a:Active:Changes Pending] config tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.111:443
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        clientssl {
            context clientside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 23
}
[root@ve11a:Active:Changes Pending] config tmsh list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
[root@ve11a:Active:Changes Pending] config curl -Ik https://172.28.20.111
HTTP/1.1 200 OK
Date: Thu, 29 Aug 2013 04:28:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
```
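An added example (not from the thread or from F5) that audits a listing like the one in the post above: it parses `tmsh list` output and reports virtual servers that decrypt on the client side with no server-side SSL profile, so the pool side carries the cleartext an inspection device could read. The function names, the trimmed sample input and the rule that SSL profiles have "ssl" in their name are assumptions.

```python
import re

# Constructed input: the tmsh listing from the post, trimmed and re-indented.
SAMPLE = """
ltm virtual bar {
    destination 172.28.20.111:443
    pool foo
    profiles {
        clientssl { context clientside }
        tcp { }
    }
}
ltm pool foo {
    members { 200.200.200.101:80 { address 200.200.200.101 } }
}
"""

def parse_tmsh(text):
    """Parse brace-nested tmsh output into nested dicts; leaf values are strings."""
    tokens = iter(re.findall(r"[{}\n]|[^\s{}]+", text))
    def block():
        node, words = {}, []
        for tok in tokens:                      # iterator is shared with nested calls
            if tok == "{":                      # words so far name a nested block
                node[" ".join(words)] = block()
                words = []
            elif tok in ("}", "\n"):            # end of a "key value" line
                if words:
                    node[words[0]] = " ".join(words[1:])
                    words = []
                if tok == "}":
                    break
            else:
                words.append(tok)
        return node
    return block()

def audit_offload(cfg):
    """List virtuals that decrypt client-side and have no server-side SSL profile."""
    findings = []
    for name, vs in cfg.items():
        if name.startswith("ltm virtual "):
            # Assumption: SSL profiles are recognised by "ssl" in the profile name.
            ssl = [p.get("context") for n, p in vs.get("profiles", {}).items() if "ssl" in n]
            if "clientside" in ssl and "serverside" not in ssl:
                members = cfg.get("ltm pool " + vs.get("pool", ""), {}).get("members", {})
                findings.append((name.split()[-1], vs.get("destination"), sorted(members)))
    return findings
```

Calling `audit_offload(parse_tmsh(SAMPLE))` returns one tuple per offloading virtual: its name, its destination and the pool members that receive the decrypted traffic.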
- BeirutJack83_13Nimbostratus
OK, let's assume on inbound traffic I want to use a Gigamon device to send a copy of the SSL traffic to an LTM for SSL offload, then send the decrypted cleartext to another inspection device to inspect the cleartext HTTP as port 80 per config above. Then can I reverse that process and inspect the outbound server traffic by using Gigamon to send a copy of the encrypted server return traffic to the LTM to be decrypted and forwarded to the inspection device to inspect the server return traffic?
- nitassEmployee
> OK, let's assume on inbound traffic I want to use a Gigamon device to send a copy of the SSL traffic to an LTM for SSL offload, then send the decrypted cleartext to another inspection device to inspect the cleartext HTTP as port 80 per config above. Then can I reverse that process and inspect the outbound server traffic by using Gigamon to send a copy of the encrypted server return traffic to the LTM to be decrypted and forwarded to the inspection device to inspect the server return traffic?

Can you do something like this instead?
Divert Unencrypted Traffic through an IPS with Local Traffic Manager by Jason Rahm