Jose_Peter_2424
Jan 18, 2016

F5 BIGIP LTM deployment recommendation

I have a requirement to use the same BIGIP LTM box for both external and internal users. External users should access through the DMZ-switch-connected interface of BIGIP and internal users through the core-switch-connected interface of BIGIP, both in one-arm mode. Internal and external users have different VIPs, but the back-end servers are the same for both VIPs. So I see a challenge with the route config on BIGIP for the back-end servers. What I can think of is having multiple NICs on the servers and then using different back-end IPs for the internal and external VIPs. Can someone suggest a good design or solution for this requirement please?


2 Replies

  • Keep it simple as much as you can; one NIC interface is sufficient unless you have other requirements beyond those you stated.

    So basically F5 keeps two separate connections for each flow: one is the client-side connection and the other is the server-side connection. For each side, F5 uses its own routing table to reach the other end. So up to here, nothing special.

    What you need to know is what path the nodes (backend servers) will follow when answering F5 requests. The answer depends on your nodes' default gateway value and on the source address translation (SNAT) setting in the VS. Usually, if your F5 is not the default GW of the nodes, then you need to turn SNAT on in the VS; the nodes will then see the traffic as coming from the F5 self IP and will return it to this IP. F5 will forward it to the right original user based on its SNAT table.

    I hope this answers your question.
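The reply above describes the full-proxy behaviour (one client-side and one server-side connection per flow) and why SNAT matters when the BIG-IP is not the nodes' default gateway. The following is an added example, not code from the thread or from F5: a small Python model of that reasoning. All addresses (the client, the VIP, the node, the core-switch gateway and the BIG-IP self IP) are constructed for the example, and the model only decides whether a node's reply is addressed back to the BIG-IP or leaves through a gateway that bypasses it.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Connection:
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int


@dataclass
class BigIP:
    """Full-proxy model: one client-side and one server-side connection per flow."""
    server_self_ip: IPv4Address          # self IP on the interface facing the nodes
    server_subnet: IPv4Network           # subnet of that self IP
    snat_table: Dict[Tuple[IPv4Address, int], Connection] = field(default_factory=dict)
    next_eport: int = 10000

    def open_flow(self, client_conn: Connection, node: IPv4Address,
                  node_port: int, snat: bool) -> Connection:
        """Build the server-side connection for a client-side connection on a VS."""
        if snat:
            # SNAT on: the source becomes the self IP; the ephemeral port keys the SNAT table
            eport = self.next_eport
            self.next_eport += 1
            server_conn = Connection(self.server_self_ip, eport, node, node_port)
            self.snat_table[(self.server_self_ip, eport)] = client_conn
        else:
            # SNAT off: the node sees the original client address as the source
            server_conn = Connection(client_conn.src, client_conn.sport, node, node_port)
        return server_conn

    def original_client(self, reply_dst: IPv4Address, reply_dport: int) -> Optional[Connection]:
        """SNAT table lookup that maps a node's reply back to the client-side connection."""
        return self.snat_table.get((reply_dst, reply_dport))


def reply_path(server_conn: Connection, node_gw: IPv4Address, bigip: BigIP) -> str:
    """Where the node sends its reply: it is addressed to the server-side source address."""
    reply_dst = server_conn.src
    if reply_dst in bigip.server_subnet:
        return "direct to BIG-IP self IP"
    if node_gw == bigip.server_self_ip:
        return "via default gateway (BIG-IP)"
    return "via default gateway (bypasses BIG-IP, asymmetric)"


def demo() -> Dict[str, str]:
    """Constructed scenario: external client, VIP, node on the core-side subnet."""
    client = Connection(IPv4Address("203.0.113.10"), 51000, IPv4Address("198.51.100.20"), 443)
    node, node_port = IPv4Address("10.20.0.50"), 8080
    core_gw = IPv4Address("10.20.0.1")        # core switch is the nodes' default gateway
    bigip = BigIP(IPv4Address("10.20.0.5"), IPv4Network("10.20.0.0/24"))
    results: Dict[str, str] = {}

    # 1) SNAT off and the nodes default to the core switch: the reply never returns to the BIG-IP
    results["snat_off_core_gw"] = reply_path(
        bigip.open_flow(client, node, node_port, snat=False), core_gw, bigip)
    # 2) SNAT on: the node replies to the on-link self IP; the SNAT table restores the client
    sc = bigip.open_flow(client, node, node_port, snat=True)
    results["snat_on_core_gw"] = reply_path(sc, core_gw, bigip)
    results["snat_on_client_restored"] = str(bigip.original_client(sc.src, sc.sport).src)
    # 3) SNAT off but the BIG-IP self IP is the nodes' default gateway
    results["snat_off_bigip_gw"] = reply_path(
        bigip.open_flow(client, node, node_port, snat=False), bigip.server_self_ip, bigip)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Scenario 1 is the failure mode the reply warns about: without SNAT and without the BIG-IP as gateway, the node answers the client directly and the client-side connection is never completed. Scenarios 2 and 3 are the two ways to make the return path symmetric.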

  • Can anyone help me with a PCI vulnerability problem, as I keep failing because of:

    F5 BIG-IP Cookie Information Disclosure Vulnerability

    I have no idea how to even go about sorting this out.

    Best,
    John
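The finding named in this reply refers to BIG-IP's default cookie persistence: the `BIGipServer<pool>` cookie value encodes the selected pool member's IP and port as little-endian integers, which is what PCI scanners flag. The following is an added example, not from the thread or from F5, that a defender can run against captured `Set-Cookie` headers to confirm whether a response still carries that plaintext encoding (for instance before and after enabling cookie encryption on the persistence profile). The sample headers are constructed; the decoding matches the F5-documented example where `1677787402.36895.0000` corresponds to 10.1.1.100:8080.

```python
import re
import struct
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

# Default (unencrypted) BIG-IP cookie persistence value, as documented by F5:
#   <member IPv4 as little-endian uint32, decimal>.<port as little-endian uint16, decimal>.0000
_PLAINTEXT = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


def decode_plaintext_cookie(value: str) -> Optional[Tuple[str, int]]:
    """Return (ip, port) if the value is in the default plaintext encoding, else None."""
    m = _PLAINTEXT.match(value)
    if not m:
        return None
    ip_int, port_int = int(m.group(1)), int(m.group(2))
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        return None
    ip = str(IPv4Address(struct.pack("<I", ip_int)))            # little-endian int -> dotted quad
    port = struct.unpack(">H", struct.pack("<H", port_int))[0]  # byte-swap the 16-bit port
    return ip, port


def audit_set_cookie(headers: List[str]) -> Dict[str, Optional[Tuple[str, int]]]:
    """For every BIGipServer* Set-Cookie header, report the disclosed member, or None if opaque."""
    findings: Dict[str, Optional[Tuple[str, int]]] = {}
    for header in headers:
        name, _, rest = header.partition("=")
        name = name.strip()
        if not name.startswith("BIGipServer"):
            continue
        value = rest.split(";", 1)[0].strip()
        findings[name] = decode_plaintext_cookie(value)
    return findings


# Constructed Set-Cookie values (not captured from any real system)
SAMPLE_HEADERS = [
    "BIGipServerweb_pool=1677787402.36895.0000; path=/",              # default encoding: 10.1.1.100:8080
    "BIGipServerapp_pool=!OPAQUEexampleValue==; path=/; HttpOnly",   # opaque value, nothing decodes
    "JSESSIONID=abc123; path=/; Secure",                              # unrelated cookie, ignored
]


if __name__ == "__main__":
    for name, member in audit_set_cookie(SAMPLE_HEADERS).items():
        status = f"discloses pool member {member[0]}:{member[1]}" if member else "opaque, no disclosure"
        print(f"{name}: {status}")
```

A cookie that decodes to an internal address is the finding the scanner is reporting; once the persistence profile no longer emits the plaintext form, `audit_set_cookie` returns `None` for that cookie, which is the evidence to attach to the rescan.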