When a user submits an online form on a website over HTTPS, I understand that the common practice is to do SSL offloading at the load balancer before traffic enters the on-prem network. Thereafter, the data is sent in the clear to the web server. (Please correct me if I am wrong.)
I saw that a vendor is proposing to have a scrubbing zone where SSL traffic is decrypted and distributed to modules such as WAF, IPS, IDS, and malware detection for analysis. Thereafter, the traffic is re-encrypted again before sending it to the web server via TLS.
Can I check if the latter is a common practice and what are your views on the setup?