Forum Discussion
F5 Lync iApp with Cisco firewalls
I have configured the Lync iApp on an F5 LTM in our DMZ behind a Cisco firewall.
The client AV traffic goes through the firewall, hits the F5, which sends it on to one of the edge servers (in the same network as the F5), but when the edge server then replies directly to the client the firewall drops the packet as it hasn't seen a SYN packet from the client to the edge (the original SYN went from the client to the F5).
Am I configuring something wrong here, shouldn't the F5 tell the client to re-connect to the edge directly?
Any help appreciated.
Thanks
Richard
22 Replies
- MVA
Nimbostratus
Brian, my understanding is some Lync traffic can't be SNATted, hence the default GW of the F5. Also, the Lync servers can initiate a connection to external clients, this is where the Forwarding VIP comes into play. Lync servers had default GW as F5, F5 then needs to have a mechanism for accepting this traffic (Wildcard forwarding VIP) and what to do with it (Default route). So step 3. for your list is to ensure a route for this traffic from Lync servers to external clients. Our F5 config, we have specific routes for our internal networks and specified the default route as the next hop for external traffic, which is our firewall.
regards,
Mel
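
The asymmetric-return problem from the original question and the default-gateway arrangement described in the reply above, modelled as an added example (not part of the thread, and not F5 or Cisco code). All addresses, the `StatefulFirewall` class and the function names are constructed for illustration.

```python
"""Toy model of a stateful firewall's TCP state table (constructed addresses)."""

CLIENT = ("203.0.113.10", 50000)   # external Lync client (constructed)
VIP = ("198.51.100.5", 443)        # F5 virtual server in the DMZ (constructed)
EDGE = ("198.51.100.21", 443)      # Edge server behind the F5 (constructed)


class StatefulFirewall:
    def __init__(self):
        self.flows = set()         # (initiator, responder) pairs opened by a SYN

    def inspect(self, src, dst, flags):
        if flags == "SYN":         # new connection: record who opened it
            self.flows.add((src, dst))
            return "pass"
        # Any other segment must match a recorded flow in either direction.
        if (src, dst) in self.flows or (dst, src) in self.flows:
            return "pass"
        return "drop"


def reply_as_seen_by_firewall(edge_gateway_is_f5):
    """Return (src, dst) of the server's reply when it reaches the firewall."""
    # If the edge server's default gateway is the F5, the reply goes back
    # through the F5, which answers the client from the VIP address.
    # Otherwise the edge server's own address appears as the source.
    return (VIP if edge_gateway_is_f5 else EDGE), CLIENT


def inbound_reply_verdict(edge_gateway_is_f5):
    fw = StatefulFirewall()
    fw.inspect(CLIENT, VIP, "SYN")             # client -> VIP via the firewall
    src, dst = reply_as_seen_by_firewall(edge_gateway_is_f5)
    return fw.inspect(src, dst, "SYN-ACK")


def outbound_from_edge_verdict():
    """Edge-initiated session passed unchanged by a wildcard forwarding VIP."""
    fw = StatefulFirewall()
    remote = ("203.0.113.10", 3478)            # constructed remote endpoint
    fw.inspect(EDGE, remote, "SYN")            # firewall sees the edge's SYN
    return fw.inspect(remote, EDGE, "SYN-ACK")


if __name__ == "__main__":
    print("reply direct from edge:", inbound_reply_verdict(False))
    print("reply routed via F5:   ", inbound_reply_verdict(True))
    print("edge-initiated session:", outbound_from_edge_verdict())
```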
