F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Surendar1's avatar
Surendar1
Icon for Nimbostratus rankNimbostratus
Jan 26, 2024

Create One VirtualServer[VIP] with Multiple Ports

Hi, Currently the setup I have is, on a single partition I have 100+ VIP's with same ip, pointing to different ports. The reason for this setup is, we have postgres & redis-opendb database running o...
iRules
Surendar1's avatar
Surendar1
Icon for Nimbostratus rankNimbostratus
Jan 30, 2024

in that case, will it not be a multiple VIP entries? 

PhatANhappy's avatar
PhatANhappy
Icon for MVP rankMVP
Jan 31, 2024

f5 will answer listen most specific to least specific.   you can apply both in some cases -I have setup 3 vips on one IP address
80----8080,  443 --- 8443, and also a wild card to pickup a range   :0   to :0
I prefer to set the firewall rule to limit the port range at layer 3/4, setting the ingress firewall rule to allow 80,443, 10000-20000.
in that case - pattern match for 80/443 will do a redirect as needed - and the f5 will take all other ports "that arrive" on the interface as a 1:1 mapping  10000---10000,  10001-10001 etc.    since the firewall (ingress rule) is restricted to the range,   traffic will not arrive on ports 20 or 21 or 40,000....
if all your mappings are straight across 80-80, 443-443 ---- you can use a wildcard for all of them, keeping in line with the firewall rule to prevent the bad.