Design / Traffic Flow Question
We have an Internal LTM which has a virtual server for a proxy server.
The Virtual server is 10.20.20.100 and it has a pool member which it forwards traffic to on 10.20.30.70.
The LTM source NATs traffic when it forwards it to the pool member.
The issue is that the proxy (10.20.30.70) is then configured to forward traffic to another LTM in our DMZ - 10.100.152.100. So when it does this it sends its traffic to its default gateway to reach the destination of 10.100.152.100.
So basically the Internal LTM forwards traffic to the proxy, but the return traffic does not flow back through the LTM because the proxy uses its default gateway (which is not the LTM) to reach the DMZ LTM.
So my question is, should we be configuring the proxy to use the Internal LTM as its default gateway to make sure all return traffic flows back through the LTM?
Or perhaps we could configure another VIP on the internal LTM (in the same subnet as the proxy) with the DMZ LTM as a pool member and configure the proxies to send traffic to that, instead of directly to the 10.100.152.100 address.
Or is it OK for return traffic to bypass the internal LTM?
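As an added illustration (not part of the original post, and not F5 code), the script below models the proxy host's first-hop decision for the flows described: the reply to a SNATed connection from the internal LTM, and the proxy's own new connection to the DMZ LTM, under the current setup and under each of the two alternatives raised. Addresses taken from the post are the VIP 10.20.20.100, the proxy 10.20.30.70 and the DMZ LTM 10.100.152.100; the internal LTM's SNAT address 10.20.30.254, the proxy's present default gateway 10.20.30.1 and the second VIP 10.20.30.200 are assumed values chosen only for the example.

```python
"""Added example, not from the original post: a minimal longest-prefix-match
route lookup used to show which first hop each flow takes from the proxy.

From the post:      proxy 10.20.30.70, DMZ LTM VIP 10.100.152.100
Assumed (not in the post): LTM SNAT address, proxy gateway, option-2 VIP
"""
from ipaddress import ip_address, ip_network

PROXY_IP = "10.20.30.70"         # from the post
DMZ_LTM_VIP = "10.100.152.100"   # from the post
LTM_SNAT_ADDR = "10.20.30.254"   # assumed: internal LTM's SNAT address in the proxy subnet
PROXY_GW = "10.20.30.1"          # assumed: proxy's current default gateway (a router, not the LTM)
OPTION2_VIP = "10.20.30.200"     # hypothetical: extra VIP on the internal LTM, same subnet as proxy

# Addresses that terminate on the internal LTM in this model.
INTERNAL_LTM_ADDRS = {ip_address(LTM_SNAT_ADDR), ip_address(OPTION2_VIP)}


def build_routes(default_gw):
    """Proxy host routing table: one connected prefix plus a default route.
    A next hop of None means the destination is on-link and reached directly."""
    return [
        (ip_network("10.20.30.0/24"), None),
        (ip_network("0.0.0.0/0"), ip_address(default_gw)),
    ]


def next_hop(routes, dst):
    """Longest-prefix match over the table; returns the first-hop address
    (the destination itself when the route is on-link)."""
    dst = ip_address(dst)
    best = None
    for net, gw in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return dst if best[1] is None else best[1]


def via_internal_ltm(routes, dst):
    """True when the proxy's first hop for dst is an address owned by the internal LTM."""
    return next_hop(routes, dst) in INTERNAL_LTM_ADDRS


def classify_flows():
    """Evaluate the flows from the post under the current design and both alternatives."""
    current = build_routes(PROXY_GW)        # default gateway is the router
    option1 = build_routes(LTM_SNAT_ADDR)   # option 1: LTM becomes the default gateway
    return {
        # Reply to a SNATed request: destination is the LTM's SNAT address, which is on-link.
        "current: reply to SNATed request -> internal LTM": via_internal_ltm(current, LTM_SNAT_ADDR),
        # Proxy-initiated connection to the DMZ LTM leaves via the router, bypassing the LTM.
        "current: new connection to DMZ LTM -> internal LTM": via_internal_ltm(current, DMZ_LTM_VIP),
        # Option 1: same connection now takes the LTM as its first hop.
        "option1: new connection to DMZ LTM -> internal LTM": via_internal_ltm(option1, DMZ_LTM_VIP),
        # Option 2: proxy is pointed at a VIP that lives on the LTM in its own subnet.
        "option2: new connection to local VIP -> internal LTM": via_internal_ltm(current, OPTION2_VIP),
    }


if __name__ == "__main__":
    for flow, through_ltm in classify_flows().items():
        print(f"{flow}: {through_ltm}")
```

The model only answers "which address is the proxy's first hop"; it says nothing about whether the DMZ LTM's replies come back symmetrically, which depends on how that second LTM SNATs and routes and is the part a practitioner would verify with a packet capture on the proxy's interface.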