Dual Firewalled Enviroments - 1 LB

Hi jenmick1,

 

 

Q: We are attempting to load balance traffic sourcing from two separate firewalls and need to ensure that traffic is sent back through the proper firewall.

 

A: Shouldn’t the rest of your network configuration (non-BigIP) be taking care of your network routes and routing table for you? If the BigIP does not know the route it should utilize its default route.

 

 

Q: SNAT cannot be used in these environments as the developers need to see true source IPs.

 

A: Can you configure X-Forward in the HTTP Profile so that the True Client IP Address is placed in the header and the downstream application can retrieve it?

 

 

Q: The servers need to be able to connect to the correct firewall when they are the source.

 

A: If your servers are the source then they become a client and are passed through the BigIP if the traffic destination is not on a subnet that is owned by the BigIP. The traffic from the server should be allowed to pass through unaffected, but other devices might cause this not to work (firewall configurations).

 

 

I can't offer any insight into your Route Domain issue, perhaps on someone else can give you some suggestions.