Dedicated firewall interfaces for each pool, LTM config?

Ahh... Too me a few times through the question to understand what you're trying to do. You're trying to run as a transparent (Bridge) device? Correct?

 

 

 

I'm not even sure that's possible... (ALthough VLAN groups are a method of briodging two VLAN's, I've never had a great deal of luck. Mainly because broadcasts don't seem to be forwarded. Although that may have been th eversion I was using).

 

 

Why don't you simply run it as a router and then it becomes a lot easier. I run mine with 3 main interfaces. 1 for VS's, 1 (Or more) for backend servers, and 1 for plain routing to/from backend servers. Each is a different subnet. Traffic to the VS's are routed via the VS VLAN. Traffic to servers is routed via the 'routing' VLAN. Traffic FROM servers either follows auto last-hop or if initiated there is a default network VS that sends it via the next-hop gateway on the 'routing' VLAN. You can firewall backends from each other by ensuring there's no network VS that forwards between server VLAN's (The default would be the FWSM SVI itself).

 

 

H