Jul 27, 2011

F5 ASM and reverse Proxy

Hello all,



I have a very simple question (but I'm new to F5...):


I have two F5 ASMs (the appliance, 3600 series): is it possible to configure them as a reverse proxy?



I read that it is possible with the LTM series but I'm not sure with ASM...



I need this information quickly... thank you for your help...!




  • Hi TRRT,



    ASM even as a standalone still has LTM functionality to terminate the clientside connection and create a separate serverside TCP connection. So ASM is acting as a reverse proxy.



    Can you clarify what you're trying to do?



  • Hi Hoolio,



    Thank you very much for your quick and complete answer. Our company will soon install an OWA server and they want to use the F5 ASM 3600 as a reverse proxy for external access to this particular resource. The F5 ASM will be in a DMZ.



    After quickly reading the user guide, I think that I have to:


    - Create a local traffic pool for my OWA server (the internal IP address of the OWA Server)


    - Create a local traffic virtual server (in the subnet of my DMZ - different from the IP address of the F5 itself)


    - Select the OWA Exchange 2003 security policy for this traffic



    So the F5 will act as a reverse Proxy and will apply the specific security policy for this traffic.



    Am I correct or did I miss something else?








  • Me again...


    I have one more question:



    If my F5 ASM is in the DMZ, it will be connected with only one interface (there won't be two VLANs - internal and external). I read this documentation and it seems to be possible to do that (One IP network topology):




    In this scenario, I will configure an External VLAN for my F5 (in the DMZ subnet) and a pool for my OWA server (with the internal address). Is it possible to do that? The pool won't be in the same subnet as the External VLAN of my F5, and in the document above it's written that: "Before creating the pool, verify that all content servers for the pool are in the network of VLAN external."



    I'm a bit confused about all that. Again, sorry, but I'm totally new to F5 technologies and I would much appreciate any help :p








    As long as you're SNAT'ing the traffic, that shouldn't matter. The BigIP just needs to be able to route the traffic to the pool member (from both the management host and TMM itself via the VLAN connected).



    As long as the routes to the pool members aren't via the management interface, then it should all be immaterial.
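
The two conditions from the last reply (a route to the pool member that does not use the management interface, and SNAT so that replies come back through the proxy), as an added example that is not part of the thread and is not F5 code. It is a simplified model of a one-interface layout; the function names, interface names and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample layout: one "external" VLAN in the DMZ plus a management port.
ROUTES = [
    ("172.16.1.0/24", "external", None),          # DMZ subnet, directly connected
    ("0.0.0.0/0", "external", "172.16.1.1"),      # default route via the DMZ gateway
    ("192.168.1.0/24", "mgmt", None),             # management network
]
SELF_IP = "172.16.1.10"      # proxy's own address on the DMZ VLAN (assumed)
OWA_SERVER = "10.0.0.25"     # pool member on the internal network (assumed)
OWA_GATEWAY = "10.0.0.1"     # the OWA server's default gateway (assumed)


def pick_route(routes, dest):
    """Longest-prefix match. Each route is (cidr, interface, gateway or None)."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def check_one_arm(routes, self_ip, pool_member, snat, server_gateway, mgmt_if="mgmt"):
    """Return a list of problems for a one-interface reverse-proxy layout."""
    problems = []
    route = pick_route(routes, pool_member)
    if route is None:
        problems.append("no route to pool member")
    elif route[1] == mgmt_if:
        problems.append("pool member is routed via the management interface")
    # Return path: with SNAT the server sees the proxy's address as the source
    # and replies to it. Without SNAT it replies to the real client through its
    # own default gateway, so the proxy only sees the reply if it is that gateway.
    if not snat and server_gateway != self_ip:
        problems.append("no SNAT: server replies bypass the proxy")
    return problems


if __name__ == "__main__":
    for snat in (True, False):
        result = check_one_arm(ROUTES, SELF_IP, OWA_SERVER, snat, OWA_GATEWAY)
        print(f"snat={snat}: {result or 'ok'}")
```

When the pool member sits in a different subnet from the proxy's only VLAN, the model reports a clean result only with SNAT enabled, which matches the advice in the reply.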