Forum Discussion
NimbostratusDisabled VS Still Intercepting Traffic
I have an F5 LTM configured with a VS to catch HTTP traffic and send it via a cluster of proxies.
The F5 also has a forwarding VS that directs all other traffic (* protocol & * ports) direct to the upstream firewall and thus not going through the cluster of proxies.
When I disable the HTTP VS I expected HTTP traffic to then be matched against the forwarding VS and get sent direct to the firewalls as well, however it does not, it seems the HTTP VS even its disabled state still intercepts the traffic and just drops it.
Does anyone know why the F5 behaves in this way and how I can get the HTTP VS to only intercept HTTP when the VS is active? Would be a pain if I had to delete and then re-create the HTTP VS every time I needed to bypass the proxies for some reason.
Daniel_VarelaEmployee
That behaviour is expected. I would change the destination port to something not used like 13576.
- Daniel_Varela
Apparently if you disable the Virtual address associated to that virtual server you get that effect: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-basics-11-6-0/5.html
I didn’t now this, learnt something new :)
Only1masterbla1Cirrus
Known issue. Can you check whether it fits your situation?
https://support.f5.com/csp/article/K8940
K8940: The BIG-IP system processes traffic for virtual servers after disabling the virtual address
Ilian_IvanovHello,
You can try this as a workaround. Enable your HTTP VIP and apply that iRule:
when HTTP_REQUEST { virtual your-forward-vip-name }Regards