For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Davethoonsen's avatar
Davethoonsen
Icon for Altocumulus rankAltocumulus
Oct 01, 2019

Design question incorporating a firewall

Hi,   I'm stuck with some questions about a design that includes a firewall. I have the following two possible setups, where situation 1 seems more lenient and situation 2 would always require ch...
application delivery
LTM
James_Thomson's avatar
James_Thomson
Icon for Employee rankEmployee
Oct 02, 2019

Questions regarding situation 1:

  • What would my default route be for nodes in the 192.168.1.x network?
    • Yes
  • My guess is 192.168.1.1 as they would use that for their default route and since SNAT auto-map on the F5 would set up a direct (stateful) connection, it would use the floating self IP on the egress VLAN;
    • Correct
  • The F5 is a virtual appliance that has it's external VLAN untagged to interface 1.2 and external IP 40.50.60.3/29. How would I go about using 40.50.60.4 on the F5 to be used as a virtual server?; You should see the external connection as a layer 2 VLAN that is maintained by us.
    • As long as the BIG-IP has a self-IP on the same subnet,then it exists on the network and you just add a virtual server with that address and it will just work.
  • Would the default route for my F5 be 40.50.60.1? (if even required?)
    • Yes

Questions regarding situation 2:

  • What would my default route be for nodes in the 192.168.1.x network? My guess is the floating self IP, 192.168.1.246.
    • Yes

 

Overall questions:

  • Looking at the topologies; am I missing some design matters or other ideas?
  • Which setup would you recommend?