Forum Discussion

Deepak_k_226543's avatar
Deepak_k_226543
Icon for Nimbostratus rankNimbostratus
Apr 18, 2016

ASM deployment

I have SLB in Reverse proxy mode for 3 internal vlan traffic.For those 3 vlan i'm using trunk on my slb for internal network. After the SLB i have WAF in Inline mode. Traffic is passing. i want to know how can i inspect the HTTPS traffic.

 

    • Jason_Meurer_39's avatar
      Jason_Meurer_39
      Historic F5 Account
      The SSL Intercept deployment is intended for outbound (forward proxy) traffic and may not be the correct solution here. Is your issue that the WAF you have deployed cannot sit on the Trunked ports or that the traffic on the server side connection is HTTPS encrypted? If the issue is that the server side connection is encrypted, you will want to ensure you are using an RSA based SSL cipher on the server side connection. Most WAFs can import your RSA based key and decrypt in flight. DHE/ECDHE based ciphers prevent L2 based WAFs from sitting inline.
    • shopkeeper56_23's avatar
      shopkeeper56_23
      Icon for Cirrostratus rankCirrostratus
      ^ this is correct. I might have misunderstood the OP's question. I thought his/her intention was to inspect outgoing. I assumed any incoming SSL would be terminated on the Big IP, thus already visible for ASM.