F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

yammy1688_99834's avatar
yammy1688_99834
Icon for Nimbostratus rankNimbostratus
Feb 02, 2011

Dedicated firewall interfaces for each pool, LTM config?

I'm putting the LTM in an environment where we have dedicated firewall (FWSM) interfaces (along with corresponding ACLs) for each pool/farm and require that all traffic for a given farm flows through ...
config
design
yammy1688_99834's avatar
yammy1688_99834
Icon for Nimbostratus rankNimbostratus
Feb 11, 2011
Posted By rcheeks on 02/02/2011 04:02 PM

 

You could use XFF so the end point servers can see the real client IP address.

 

 

https://support.f5.com/kb/en-us/solutions/public/12000/200/sol12264.html?sr=12488278

 

 

This data is also available via cli on the LTM:

 

bigpipe conn show all | more

 

 

HTH,

 

Roger

 

 

Hi Roger,

 

 

We have a separate subnet per pool and each subnet has a dedicated firewall interface along with associated access-lists. Due to this I cannot use the LTM as the gateway without using some trickery like source based routing.

 

 

 

I just went ahead with a one-armed config. Makes everything a lot simpler.