SSLi integrate with VM
ce07
Member ✭
Which topology should I use to connect Hardware SSLi with a VM security device?
I tried single path L3 topology, still there's no traffic coming to the VM. How can I configure the SSLi-in to send decrypted traffic to a VM?
Comments
The topology should not matter much... you just need to ensure that the packet pathway must explicitly pass through the VM and does not have the ability to bypass it.
@dmckillip that's the question, how can the traffic reach the VM? Can we tell SSLi to forward decrypted traffic to the security device VM?
Assuming an L3 topology with an L3 security device acting as a routed hop, ssli_in will need to be in the same vlan as the security device inside, and ssli_out will need to be in the same vlan as security device outside.
On ssli_in, the service-group should contain a slb server for the security device inside interface. When ssli_in forwards decrypted traffic, the destination IP will be the same, but the destination MAC address will be the security device.
The Security Device outside interface should have a default route pointing to ssli_out.
If you can share a high level topology diagram of A10 + VM Security Device, that would be helpful.
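Added example, not part of the original thread and not A10 code: a pre-flight check in Python of the L3 layout described in the reply above (shared VLAN on each side of the security device, the service-group member, the default route, and no path around the device). All names, VLAN IDs and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample topology: every name, VLAN ID and address is an assumption.
TOPOLOGY = {
    "ssli_in":  {"egress":  {"vlan": 20, "ip": "10.0.20.1/24"}},
    "ssli_out": {"ingress": {"vlan": 30, "ip": "10.0.30.1/24"}},
    "secdev": {
        "inside":  {"vlan": 20, "ip": "10.0.20.2/24"},
        "outside": {"vlan": 30, "ip": "10.0.30.2/24"},
        "default_gw": "10.0.30.1",
    },
    # slb servers listed in the ssli_in service-group
    "service_group_members": ["10.0.20.2"],
}

def host_ip(iface):
    """Return the interface address without its prefix length."""
    return ipaddress.ip_interface(iface["ip"]).ip

def same_segment(a, b):
    """True when two interfaces share a VLAN and subnet with distinct IPs."""
    net_a = ipaddress.ip_interface(a["ip"]).network
    net_b = ipaddress.ip_interface(b["ip"]).network
    return a["vlan"] == b["vlan"] and net_a == net_b and host_ip(a) != host_ip(b)

def check_topology(t):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    sd, s_in, s_out = t["secdev"], t["ssli_in"]["egress"], t["ssli_out"]["ingress"]
    if not same_segment(s_in, sd["inside"]):
        problems.append("ssli_in and security device inside are not on the same vlan/subnet")
    if not same_segment(s_out, sd["outside"]):
        problems.append("ssli_out and security device outside are not on the same vlan/subnet")
    members = {ipaddress.ip_address(m) for m in t["service_group_members"]}
    if host_ip(sd["inside"]) not in members:
        problems.append("ssli_in service-group has no slb server for the security device inside IP")
    if ipaddress.ip_address(sd["default_gw"]) != host_ip(s_out):
        problems.append("security device default route does not point to ssli_out")
    # If both SSLi sides sit in one VLAN, decrypted traffic can skip the device.
    if s_in["vlan"] == s_out["vlan"]:
        problems.append("ssli_in and ssli_out share a vlan, so traffic can bypass the security device")
    return problems

if __name__ == "__main__":
    for line in check_topology(TOPOLOGY) or ["topology is consistent"]:
        print(line)
```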
@mdunn thanks a lot for your reply.
I have attached a topology diagram. Hope that helps.
Hello - I added some placeholder labels to the links. As long as vlans / routes are correct, there should be no issue sending traffic through this environment.
Thank you @mdunn, let us try this out.