kridsana_52318
Jan 20, 2015

Design to migrate VLAN-group to Two-arm

Hi everybody.

 

We have to migrate an old system from VLAN-group to Two-arm mode, and we are stuck with a problem.

 

This picture shows the topology:

 

http://postimg.org/image/oq2ekke1p/

 

  1. We have 3 VLANs connected to the F5, and the F5 connects to 3 different zones (DMZ zone, Web zone, Intra zone).
  2. We have a NAT list of the servers in those zones (because we are migrating from the old system, the customer doesn't want to change FW rules and needs to remote to those servers, so we need to NAT the old IPs to new private IPs).
  3. The problem: the servers need to connect to each other, but before they connect, the traffic has to route to the FW first for security reasons (e.g. a DMZ server connecting to an Intranet server).

 

How can the F5 open a VS or do something to make traffic from a server in that zone route to the FW before connecting to a server in another zone?

 

Thank you

 

2 Replies

  • Traffic flow when the servers connect to each other will be like this: http://postimg.org/image/ucbc7s2yz/

     

    As you can see, in the old system with the VLAN-group deployment, the servers have the FW as their default gateway and they can connect to each other via the FW properly. When they move behind the F5 for the Two-arm deployment, they also need to route to the FW when connecting to a server in another zone for security reasons (DMZ zone connecting to Intranet zone, etc.).

    I am not sure the F5 can route traffic from a server in the DMZ zone to the FW before it connects to a server in the Intranet zone.

    And if the F5 can route traffic to the FW, which IP would the servers use when connecting to each other? The NATed IP or the real IP?