Forum Discussion
レザ
Cirrus
CirrusDisable Inter-VLAN Routing?
Hello I was searching for my problem when I came across this topic, but unfortunately, there was no complete answer to this question. Therefore, I wanted to know how to prevent bigip from bypassing...
レザ As long as the servers sit in a different VLAN it would be up to your routing to not allow them to reach each other. Example, if you have VLANs 1-5 and the F5 and the firewall sit in each VLAN with the F5 being in 1 arm mode then each server should have the firewall as their gateway. As long as the switch seperating each VLAN doesn't performing any routing then those servers should not be able to reach each other without going through the firewall. They could technically reference the F5 as their gateway but if the F5 doesn't not have a forwarding virtual server configured with SNAT enabled on that virtual server they will not be able to communicate with each other without using the firewall.
Daniel_Wolf
MVP
MVPHi レザ,
even though this is marked as solved, I want to weigh in on this one.
My example: You have VS_A in VLAN_A and VS_B in VLAN_B. You want to make sure that IPs residing in VLAN_B cannot connect to VS_A, correct?
My question: What is your configuration setting for VLAN and Tunnel Traffic for VS_A?
Is it "All VLANs and Tunnels" or "Enabled on: VLAN_A"?
Please see: K44201777: Using tmsh utility to enable an existing virtual server on all VLANs and tunnels on the system
"When you create a virtual server, the default setting for VLAN and Tunnel Traffic is All VLANs and Tunnels which specifies that the virtual server is enabled on all VLANs and tunnels configured on the system."
Enabled on all VLANs means: if Traffic from VLAN_B hits the F5 and the destination is VS_A, the F5 will answer. This would explain your observerd behaviour.
KR
Daniel
レザHello Daniel_Wolf
Every virtual server enabled on it's corresponding vlan only.