Forum Discussion
NimbostratusBoth Specific port and Wildcard VS on the same VIP
Hi F5 gurus ,
I need help to understand what is the best practice in the following scenario. I have the following VS
s :
FTP (port 21)
SFTP (port 22)
SFTP implicit ( port 990)
Because explicit FTPs (TLS) also was needed I had to build a wildcard VS (all ports) .
I understand that if a specific port is VS exists the traffic will be processed by that VS and it defaults to the wildcard.
On the technical side everything seems to be working fine , however IFTP (port 21) SFTP (port 22) SFTP implicit ( port 990)
Because explicit FTPs (TLS) also was needed I had to build a wildcard VS (all ports) .
I understand that if a specific port is VS exists the traffic will be processed by that VS and it defaults to the wildcard. On the technical side everything seems to be working fine , however I
m wondering about the best practice , which brings me to the following questions :
Should I leave port specific VSShould I leave port specific VS`s in place or delete them and let the traffic be processed by the wildcard VS.
Thanks, Adrian
1 Reply
Yann_DesmarestCirrus
Hi,
You are right, there is a precedence on the Virtual Servers :
https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14800.html
In terms of Best Practices, the more specific the VS is, the more control you get over the TCP/IP stack. In my short experience with F5 products, I would highly recommend to define specific VS when possible.
