On Wed, Feb 20, 2002 at 10:58:34AM -0600, Austad, Jay wrote:
> > Why don't you just set up an SSL proxy server that sits
> > between the client
> > and your web farm?
>
> Because I don't want to send all traffic through it. Only about 1/4 of our
> traffic is SSL. I'd need to put Gig interfaces on the SSL device to send
> all traffic through it. Plus, by sending all traffic through it, it becomes
> a single point of failure.

I meant to suggest that you forward only https/443 traffic to the SSL proxy using your load balancer, if such a feature is provided. Add SSL proxies, for redundancy and server load, as needed. It might be too expensive but I think it should work.

You could replace the SSL proxies with SSL accelerator boxes and additional server NICs if you wanted. Otherwise, you could consider the PCI SSL coprocessors. These two probably don't scale well.

The easiest thing to do is probably to get some case studies from the vendors and figure out why everybody else wants a bridge and you want a router.

--
Michael