> Why don't you just set up an SSL proxy server that sits between the client
> and your web farm?

Because I don't want to send all traffic through it. Only about 1/4 of our traffic is SSL. I'd need to put Gig interfaces on the SSL device to send all traffic through it. Plus, by sending all traffic through it, it becomes a single point of failure.

What I'd like to do is peel off any traffic with a destination port of 443 and be able to send it through the SSL appliance. The problem with this is that the SSL appliance is simply a layer 2 bridge which inspects layer 4 traffic and plays around with port 443 stuff. It doesn't have an IP that I can "route" to; it has to be done on a layer 2 level. I can turn on layer 3 switching on my switch, and maybe do some magic with that, but I don't think Cisco's layer 3 switching stuff has enough functionality to do what I want.

Some of the SSL appliances I looked at actually had a virtual IP with several nodes behind it for each cluster, but I'd like to stay away from this if possible because I already have a load balancing system which does this, and I don't want to add another layer of it. I can't have two separate IPs for SSL and non-SSL traffic either; each virtual server on my current system must have both a port 80 and a port 443.

In any case, I'll deal with this when I have some equipment to test with. My priority now is to find something that will work and has a decent price tag on it. So if anyone knows of anything, let me know. I've looked at Alteon, Intel, Sonicwall, and Galea so far.

Jay

> --
> Michael