Forum Discussion
Richard_22613
Mar 25, 2013Nimbostratus
F5 Lync iApp with Cisco firewalls
I have configured the Lync iApp on a F5 LTM in our DMZ behind a Cisco firewall.
The client AV traffic goes through the firewall, hits the F5, which sends it on to one of the edge servers (in the...
Ryan_Korock_46
Mar 26, 2013Historic F5 Account
Richard.... one solution would be to point the default gateway of the Edge servers to the BIG-IP Self-IP, and the default gateway of the BIG-IP to the firewall. This will route connections that are being load balanced by the BIG-IP correctly without having to SNAT anything.
You will also have to deal with connections that are being sent directly to the Edge Servers themselves (and not sent to the BIG-IP for LB). The return traffic from the Edge servers will then be sent (assymetrically) to the BIG-IP since that is the DFGW of the Edge servers. To get the BIG-IP to pass this return traffic on through to the firewall, create a forwarding VIP with loose connections enabled. This effectively gets the BIG-IP to act as a stateless router for the return traffic of connections sent directly to the Edge Servers.
- Dave_20158Jan 15, 2015NimbostratusRyan - Thank you so much for this information. We ran into this exact issue with the asymmetric routing and I could not understand why the BIG-IP was not forwarding the traffic. Once I created the new fast-L4 profile and enabled loose initiation and loose close, everything worked perfectly.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects