F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Network_69318's avatar
Network_69318
Icon for Nimbostratus rankNimbostratus
Jul 13, 2011

BIG-IP LTM 6400: Direct access on real servers

Hi,     We've two BIG-IP LTM 6400 in active/standby configuration mode.   We've configured many Virtual Server but we can't directly connect to the real server.   The virtual network is on...
config
design
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Jul 14, 2011
For all my internal load-balancing VLAN's where the LTM is the default gateway, I ALWAYS configure a wildcard (Port 0) network virtual server of type forwarding for INBOUND admin traffic. That's usually enabled on all VLAN's... (There are exceptions, but they're not important here).

 

 

I tend to do the same for DMZ LTM's. But the VS's are usually configured so that ALL traffic BETWEEN, TO or FROM VLAN's/DMZ's is passed via the firewalls...

 

 

Then only the firewall needs to be concerned with whether traffic is allowed to pass from one network to another. The F5 is a Load Balancer (OK, Application Delivery Controller :), not a firewall.

 

 

Oh... 'More Specific' is a tricky subject with LTM... The definition changed from v4 to v9.... In v9 the priority is on matching the MASK, not the port... See https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6459.html (Although I'm guessing not many people would be coming from v4 nowadays :)

 

 

 

 

 

H