Forum Discussion
Fotios_30046
Nimbostratus
Sep 21, 2009
Access Control Between VLANs On BigIP
We have a pair of 3400's in the following configuration:
- 8 port trunk with 4 vlans
- vlan 1 is public connecting bigip to firewall
- vlan 2 is production web
- vlan 3...
hoolio
Cirrostratus
Sep 21, 2009
So which paths do you want to allow?
Maybe something like internet to all three web LANs, all three web LANs to internet, but no traffic between the web VLANs?
If so, you should be able to define a single performance layer 4 VIP pointing to a pool containing the firewall IP (the default gateway of the BIG-IP?) enabled only on the three web LANs.
You'd then configure specific IP:port VIPs on the internet VLAN to only allow access to the defined IP:ports of the load balancing VIPs.
The web servers from one VLAN would then not be able to reach the web servers in any other VLAN except the internet.
You could lock down which ports are actually allowed out to the internet on the firewall.
Aaron
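The listener layout described in the reply above, modelled as an added example (not part of the original thread and not F5 code) so the resulting paths can be checked flow by flow. VLAN names, subnets, VIP addresses and the firewall IP are constructed; the model assumes the BIG-IP drops any packet that matches no listener on its ingress VLAN and that no other forwarding virtual servers, NATs or SNATs exist.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: none of these names or addresses come from the thread.
FIREWALL = "192.0.2.1"
WEB_VLANS = {"web1": "10.0.1.0/24", "web2": "10.0.2.0/24", "web3": "10.0.3.0/24"}

# Listeners: (name, destination network, port or 0 for any, enabled VLANs, pool members)
VIRTUALS = [
    ("outbound_any", "0.0.0.0/0", 0, set(WEB_VLANS), [FIREWALL]),  # wildcard L4 VIP
    ("vip_web1_http", "192.0.2.10/32", 80, {"internet"}, ["10.0.1.11", "10.0.1.12"]),
    ("vip_web2_https", "192.0.2.20/32", 443, {"internet"}, ["10.0.2.11"]),
]

def match(ingress_vlan, dst_ip, dst_port):
    """Most specific listener enabled on the ingress VLAN, or None (packet dropped)."""
    best = None
    for name, net, port, vlans, pool in VIRTUALS:
        network = ip_network(net)
        if ingress_vlan not in vlans or ip_address(dst_ip) not in network:
            continue
        if port not in (0, dst_port):
            continue
        rank = (network.prefixlen, port != 0)  # longer prefix, then exact port
        if best is None or rank > best[0]:
            best = (rank, name, pool)
    return best and (best[1], best[2])

def next_hop(ingress_vlan, dst_ip, dst_port):
    """Describe where the BIG-IP sends the flow: 'drop' or 'listener -> first member'."""
    hit = match(ingress_vlan, dst_ip, dst_port)
    return "drop" if hit is None else f"{hit[0]} -> {hit[1][0]}"

def direct_cross_vlan_paths():
    """Flows from one web VLAN to another's server that would bypass the firewall."""
    leaks = []
    for src in WEB_VLANS:
        for dst, subnet in WEB_VLANS.items():
            if src == dst:
                continue
            server = str(ip_network(subnet)[11])  # constructed server address .11
            hit = match(src, server, 80)
            if hit is not None and hit[1] != [FIREWALL]:
                leaks.append((src, server))
    return leaks

if __name__ == "__main__":
    print(next_hop("web1", "10.0.2.11", 80))      # cross-VLAN attempt goes to the firewall
    print(next_hop("internet", "192.0.2.10", 22)) # no listener on that port
    print(direct_cross_vlan_paths())
```

In this model, cross-VLAN traffic is only ever handed to the firewall, so whether it gets any further depends on the firewall rules and on which VIPs are defined on the internet VLAN.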