Which topology should I use to connect Hardware SSLi with a VM security device.
I tired single path L3 topology, still there’s no traffic coming to the VM. How can I configure the SSLi-in to send decrypted traffic to a VM
The topology should not matter miuch…you just need to ensure that the packet pathway must explicitly pass through the VM and does not have the ability to bypass it.
that’s the question, how can the traffic reach VM? can we tell SSLi to forward decrypted traffic to the security device VM?
Assuming a L3 topology with a L3 security device acting as a routed hop, ssli_in will need to be in the same vlan as the security device inside, and ssli_out will need to be in the same vlan as security device outside.
On ssli_in, the service-group should contain a slb server for the security device inside interface. When ssli_in forwards decrypted traffic, the destination IP will be the same, but the destination MAC address will be the security device.
The Security Device outside interface should have a default route pointing to ssli_out.
If you can share a high level topology diagram of A10 + VM Security Device, that would be helpful.
Hello - I added some placeholder labels to the links. As long as vlans / routes are correct, there should be no issue sending traffic through this environment
Thank you let us try this out.