Forum Discussion
Pepillo_358524
Nimbostratus
NimbostratusF5 BIG-IP vcmp with guests using ltm and afm
Hi, we recently bought a pair of i5800 and we need to configure vcmp with 4 guest, 3 of them using LTM and the last just to configure AFM. This will be done for intranet and the idea is to configure ...
Pepillo_358524Nimbostratus
NimbostratusI finally figured it out.
First of all I have to say that I was trying to replace a Cisco Firewall ASA that had two interfaces configured (outside and inside) to protect internal server farms which are located behind inside interface. So We have this two chassis BIG-IP i5800 that were configured in fail-over pair, so just one of them is active at a time.
We use vcmp to configure 3 virtual LTM and 1 virtual AFM. We had these boxes connected by a port-channel to our aggregation datacenter switch. In this port-channel travel all the vlans we use for virtual servers and server farms. So mainly we assigned two vlans for each LTM, one for Virtual Servers and the other for server farms. L3 aggregation switch is each LTM´s default gateway, and in turn, virtual AFM is L3 aggregation switch's default gateway. Core switch is AFM´s default gateway.
In order to catch all the traffic from core switch, I used a Virtual Server type of IP FORWARD, one firewall policy and two rulelist, one for outside and one for inside.
I also configured a Virtual Server type of IP FORWARD on each LTM to allow servers to use them as gateways.
