PCI 3.0 Compliance with LTM

Question

Hi people,&nbsp;
I have a mission to deploy a F5 LTM/ASM (in a future GTM) in a PCI 3.0 environment and it kills me because we need to balance external connections and inter-vlan traffic, no problem with that in a simple environment, but PCI requests that every traffic on VLANs is checked by an IPS.&nbsp;
So, my insights until now:&nbsp;
From WAN: 
Internet -&gt; External (1 Route Domain/ASM/LTM) -&gt; NGFW (FW/IPS) -&gt; Internal partition (4 Route Domains/LTM) -&gt; Servers&nbsp;
Inter-Vlan:
VLAN1 Server -&gt; Internal partition (VLAN1 Route Domain) -&gt; NGFW -&gt; Internal partition (VLAN2 Route Domain) -&gt; VLAN2 Server&nbsp;
Please any one already face this situation? Any thoughts about this scenario? Any tip on how improve this? Should i change this deployment based on Partitions and Route Domains to work with isolated Guests?&nbsp;
Thanks for the help!&nbsp;

joshbecigneul · Answer

I'm not 100% certain, but it sounds like you are needing to setup a SSL Intercept architecture. The following guides may help you.&nbsp;
Configuring F5 for SSL Intercept&nbsp;
iApp: SSL Intercept&nbsp;

Forum Discussion

PCI 3.0 Compliance with LTM

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Decoding PCI-DSS v4.0: F5's Ridiculously Easy Guide to Technical Compliance

F5 BIG-IP Advanced WAF: OWASP Top 10 Application Security Risks 2021 Compliance Dashboard

Lightboard Lessons: PCI/DSS compliance with BIG-IP

Making WAF Simple: Introducing the OWASP Compliance Dashboard

Migrating F5 BIG-IP APM From Legacy NAC Service to Compliance Retrieval Service