Dedicated firewall interfaces for each pool, LTM config?
I've tried using VLAN groups and keeping the firewall interface and pool members in separate VLANs but it just doesn't seem that reliable? I'm running into a situation right now whereby the modified (translucent) MAC address advertised by the LTM for a particular pool shows up on both the pool and firewall VLAN, preventing access to the servers directly. The virtual IP and self-IPs ping fine however. Any ideas on what could cause this?
I've resorted to keeping everything in the same VLAN and SNATing. However I'm wondering if it is possible to see the client IPs on the servers using this method?
Thanks,
-Ken
- Hamish (Cirrocumulus): Ahh... Took me a few times through the question to understand what you're trying to do. You're trying to run as a transparent (Bridge) device? Correct?
- rcheeks_75965 (Nimbostratus): You could use XFF so the end point servers can see the real client IP address.
- yammy1688_99834 (Nimbostratus): Posted By rcheeks on 02/02/2011 04:02 PM
We have a separate subnet per pool and each subnet has a dedicated firewall interface along with associated access-lists. Due to this I cannot use the LTM as the gateway without using some trickery like source based routing.
I just went ahead with a one-armed config. Makes everything a lot simpler.
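
The XFF suggestion above, combined with the SNAT / one-armed setup, as an added example that is not part of the original thread: a backend-side helper that accepts X-Forwarded-For only when the connection really comes from the load balancer. The SNAT range `10.10.20.0/29`, the function names, and the assumption that the load balancer's own entry is the rightmost XFF value are illustrative, not taken from the posts.

```python
import ipaddress

# Constructed example value (assumption): the SNAT / self-IP range the
# load balancer uses toward the pool. Replace with your own.
TRUSTED_PROXIES = [ipaddress.ip_network("10.10.20.0/29")]


def _is_trusted(addr):
    # Mixed IPv4/IPv6 comparisons simply evaluate to False.
    return any(addr in net for net in TRUSTED_PROXIES)


def real_client_ip(peer_ip, xff_values):
    """Return the client address to log or apply access rules to.

    peer_ip    -- source address of the TCP connection seen by the server
    xff_values -- list of X-Forwarded-For header values, one per header line
    """
    peer = ipaddress.ip_address(peer_ip)
    # A request that bypassed the load balancer can put anything in
    # X-Forwarded-For, so ignore the header and use the socket address.
    if not _is_trusted(peer):
        return str(peer)
    # Flatten repeated headers and comma-separated lists, keeping order.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk from the right: the rightmost entries were written by our own
    # proxies; anything left of the first untrusted hop is client-supplied
    # and cannot be verified.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the chain
        if not _is_trusted(addr):
            return str(addr)
    # No usable entry: fall back to the (SNAT) peer address.
    return str(peer)
```

With this in place, a client that sends its own `X-Forwarded-For` header cannot change the address the server records, because only the value appended by the trusted hop is used.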