Lab 7: Configure A Clone Pool For SSL Visibility To IDS Sensors Or Other Security Tools
=======================================================================================

SSL encrypted traffic poses a problem for most security devices. The performance of those devices is significantly impacted when trying to decrypt SSL traffic. Since the BIG-IP is designed to handle SSL traffic with specialized hardware and optimized software libraries, it is in a unique position to 'hand off' a copy of the decrypted traffic to other devices.

In this solution, the BIG-IP terminates SSL on the external virtual server. When we forward the traffic to the secondary virtual server in clear text, we have an opportunity to make an unencrypted copy of the application traffic and send it to an external sensor, such as an IDS, for further security assessment.

On the BIG-IP, configure a new pool.

**Navigation:** Local Traffic > Pools > Pool List > Click Create.

+-------------+----------------------+---------------+--------------------+
| **Name**    | **Health Monitor**   | **Members**   | **Service Port**   |
+=============+======================+===============+====================+
| IDS\_Pool   | gateway\_icmp        | 172.1.1.11    | \*                 |
+-------------+----------------------+---------------+--------------------+

|image58|

.. Note:: Leave all other fields at their default values.

**Navigation:** Click Finished.

Attach the *IDS\_Pool* as a clone pool to the server side of the external virtual server.

**Navigation:** Local Traffic > Virtual Servers > Virtual Server List > EXT\_VIP\_10.10.99.30.

**Navigation:** Configuration > Advanced.

|image59|

**Navigation:** Scroll to the configuration for Clone Pools and select the IDS\_Pool.

|image60|

**Navigation:** Click Update at the bottom of the page.

.. Note:: Leave all other fields at their default values.

**Navigation:** SSH in to the Syslog/Webserver.

Run ``sudo tcpdump -i eth2 -c 200 port 80``:

.. code-block:: console

   root@syslogWebserver:~# sudo tcpdump -i eth2 -c 200 port 80

Initiate another attempt to connect to the website via curl or your web browser on the Windows host.

.. code-block:: console

   curl -k https://10.10.99.30 -H 'Host:www.mysite.com'
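To confirm that the sensor receives the decrypted copy rather than TLS records, the TCP payloads captured on the sensor interface can be classified as shown in this added example, which is not part of the original lab. The function names and the sample payloads are constructed for illustration, and the example assumes the payloads have already been extracted from a capture.

```python
import re

# TLS record header: content type (20-23), version 3.x, 2-byte length.
TLS_CONTENT_TYPES = {20, 21, 22, 23}
HTTP_START = re.compile(
    rb"^(?:(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]"
    rb"|HTTP/1\.[01] \d{3})")
HOST_HEADER = re.compile(rb"^Host:[ \t]*([^\r\n]*)", re.I | re.M)


def classify_payload(data: bytes) -> str:
    """Label one TCP payload as 'http', 'tls' or 'other'."""
    if HTTP_START.match(data):
        return "http"
    if (len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3
            and data[2] <= 4
            and int.from_bytes(data[3:5], "big") <= 16384 + 2048):
        return "tls"
    return "other"


def clone_report(payloads, expected_host: bytes) -> dict:
    """Summarise what the sensor received on the clone interface."""
    report = {"http": 0, "tls": 0, "other": 0}
    hosts = set()
    for payload in payloads:
        kind = classify_payload(payload)
        report[kind] += 1
        if kind == "http":
            match = HOST_HEADER.search(payload)
            if match:
                hosts.add(match.group(1).strip().lower())
    report["hosts"] = sorted(hosts)
    # The decrypted copy is confirmed only when cleartext HTTP for the
    # expected host is present and no TLS records reached the sensor.
    report["decrypted_copy_seen"] = (
        expected_host.lower() in hosts and report["tls"] == 0)
    return report


# Constructed sample payloads (not captured from the lab).
GOOD = [b"GET / HTTP/1.1\r\nHost:www.mysite.com\r\nUser-Agent: curl\r\n\r\n",
        b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"]
# What a sensor fed the still-encrypted side would see instead.
BAD = [b"\x16\x03\x01\x00\x05hello", b"\x17\x03\x03\x00\x02ab"]

if __name__ == "__main__":
    print(clone_report(GOOD, b"www.mysite.com"))
    print(clone_report(BAD, b"www.mysite.com"))
```

A report with ``tls`` greater than zero suggests the sensor is seeing traffic that is still encrypted, so the clone pool attachment on the virtual server should be rechecked.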