Why not use SSL between the BigIPs and Jboss? The overhead is pretty small on modern hardware, plus it's generally good form to encrypt the user traffic the whole way through your first layer at least. We used BigIPs in this very way. they provided the SSL endpoints, inspected the incoming requests using F5's security modules, did a few other things, and then reached back to the servers via SSL using internally signed certs, for the connection between DMZ1 and DMZ2. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4101504#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...