Follow

Does F5 Silverline offer SSL Bridge option?

Question

Does F5 Silverline offer SSL Bridge option? 

  • What are the other alternatives to SSL Bridge that is available?
  • What are the options that we have if we do not need to create a new certificate with F5 Silverline DDoS services?

 

Environment

  • Proxy
    • DDoS
    • WAF

Answer

Unfortunately we don’t have SSL Bridging feature in F5 Silverline; however, we have different options we can provide for traffic handling:

  • Passthrough
    • In the passthrough; certificate/key pair is not required but that comes with a cost that we cannot perform L7 inspection; thus cannot protect against attacks at this layer as our visibility is limited. However, we can provide protection at L3 - L4 and take actions on any potential attack. To reiterate, this is the only option we have available that do not require certificate/key pairs for traffic inspection.
  • SSL Offload/Termination
    • In the SSL Offload/Termination; a certificate/key pair are required in order to perform decryption and inspection of the incoming traffic. This enables the SOC to have visibility and create the L7 DDoS profiles for baselining also to create necessary signatures for any potential attack.

We understand that sometimes is not possible to export the private keys due to your organization policies; however, what we can offer is to create a CSR that you can take to your CA to sign the valid certificate. Once signed, you can provide the public certificate to us and the private key generated for the CSR will remain confidential and stored securely in our PCI-certified infrastructure.

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request