'clone pool' for security functions

Question

Dear All,&nbsp;
There is a need to mirror traffic to a security appliance and there is a feature in F5 called ‘Clone Pool’ that we think we might be able to leverage.
For ingress traffic, it might be easy to configure an inbound VIP to have a clone pool that mirrors traffic to a security appliance, such as Palo Alto.
For egress traffic, I’m to understand that we can create a VIP for outbound that would perform this same mirror function.  I’m not clear exactly how to configure a VIP for both this inbound and outbound purpose.&nbsp;
Thanks and Regards,
Shakeeb&nbsp;

vitaliy_savrans · Accepted Answer

Hi,&nbsp;
Clone pools can be configured to copy client-side traffic, server-side traffic, or both. A client-side clone pool causes the virtual server to replicate client-side traffic (prior to address translation) to the clone pool member. A server-side clone pool causes the virtual server to replicate server-side traffic (after address translation) to the clone pool member.&nbsp;

shakeeb_174352 · Answer

Thanks Vitaliy. Could you also point me to the server-side clone pool configuration details

Forum Discussion

'clone pool' for security functions

2 Replies

Recent Discussions

Video Streaming

Unknown Bots customization.

LB_FAILED test event

F5 APM / Connection to Provider via explicit proxy

Migrating from EasyDNS Mail to Office 365

Related Content

F5 Cloud-Native Functions For Secure DNS

Clone Pools

Clone Pool Across L3

Using ChatGPT for security and introduction of AI security

F5 Cloud-Native Functions For Modern Demands - Part 2