Techgeeeg_28888
Mar 30, 2014

F5 in inline mode

Hi Everyone,

 

Here I am asking a very basic question, hope someone can quickly reply. If I make F5 a gateway for a group of my servers on a particular interface, and I define the default gateway on those servers as the interface IP address of F5, will that be all for that bunch of servers to communicate with other networks and other networks to communicate with those servers, or do I need to create some VS as well?

 

Regards,

 

7 Replies

  • nathe

    So, you'll need at least a couple of things. Firstly a forwarding IP vs to allow traffic to and from the servers. Enable on the vlans you need. Also you'll need a route to the servers on the clientside to point to f5 self IP.

     

    Hope this helps

     

    N

     

  • Hi Nathan,

     

    Thanks for your reply so I understood the following from you,

     

    1. A Forwarding Network type VS with destination "0.0.0.0/0.0.0.0" enabled on the Server VLAN (for which F5 is inline). This VS will allow traffic from the servers.

    2. A Forwarding Network type VS with destination "Subnet of the servers" enabled on all VLANs (other than the Server VLAN) or on selected VLANs; those VLANs can only send traffic to the servers. This VS will allow traffic to the servers.

       

    3. On the servers the default gateway will be the SELF IP of F5 on that VLAN.

       

    Correct me if any of the above is wrongly understood.

     

    Regards,

     

  • nathe

    Looks good to me. Don't forget route to the servers on the clientside too.

     

  • "Don't forget route to the servers on the clientside too", so on the client side subnet I will define the following (as an example):

    ip route 172.16.16.0 255.255.255.0 10.10.10.1

    (172.16.16.0 255.255.255.0 is the server subnet; 10.10.10.1 is the VLAN interface on the client side)

    Is this what you are saying? If yes, then what if the interface on F5 which is for users is connected to a layer-2 switch?

    Apologies if I am mistaken in the basic things.

  • nathe

    All that really matters is that the client knows how to reach the server via the f5. So somewhere on l3 on the client side will do.

     

    N
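
The two forwarding virtual servers agreed on in this thread, written out as an added example in the stanza form that `tmsh list ltm virtual` prints; this is not configuration posted by anyone in the thread. The object names and the VLAN names `vlan_servers` and `vlan_clients` are hypothetical, and 172.16.16.0/24 is the example server subnet from the thread.

```tmsh
# Added example; object and VLAN names are hypothetical.

# 1. Outbound: lets the servers reach other networks.
#    Wildcard destination, but listening only on the server VLAN.
ltm virtual vs_fwd_from_servers {
    destination 0.0.0.0:any
    mask any
    ip-forward
    ip-protocol any
    profiles {
        fastL4 { }
    }
    translate-address disabled
    translate-port disabled
    vlans {
        vlan_servers
    }
    vlans-enabled
}

# 2. Inbound: lets other networks reach the servers.
#    Destination is the server subnet only, and the listener is
#    enabled only on the VLANs that should be able to send to it.
ltm virtual vs_fwd_to_servers {
    destination 172.16.16.0:any
    mask 255.255.255.0
    ip-forward
    ip-protocol any
    profiles {
        fastL4 { }
    }
    translate-address disabled
    translate-port disabled
    vlans {
        vlan_clients
    }
    vlans-enabled
}
```

Listing the VLANs explicitly with `vlans-enabled` keeps each listener from forwarding traffic that arrives on any other VLAN; the route toward 172.16.16.0/24 still has to exist on a layer-3 device on the client side, as discussed above.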