Forum Discussion
F5 SMTP Fast Template - SNAT Not working as expected
- Oct 06, 2023
Franky-frank-reg7 That is true, but to simplify the configuration so that you reduce the man-hours you might/will spend in the future troubleshooting a non-standard deployment of the F5, you should deploy it as option 1.
I'm going to try both methods and reply back for closing the thread. One last question, for option 1, where the isolated subnet is only routable through the F5: I'm assuming we need to create another IP forwarding VS for the management traffic, i.e. RDP, SNMP, WMI, etc., to monitor and manage the server, correct? So there will be one IP forwarding VS for server-initiated traffic and another IP forwarding VS for inbound communications to the server, as shown in the picture below:
Also for option 2, I tried to configure the SNAT on the internal forwarding VS, where the source is restricted to the server IP: 10.50.22x.150, but it didn't work. Is it better to configure global SNAT? Can you give some guidance for option 2? I've added some questions to the picture below:
Franky-frank-reg7 You only need 1 forwarding virtual server that has a source and destination of 0.0.0.0, which will allow the F5 to pass traffic from one interface to the other without really changing anything on it. You do not need 1 forwarding VS per direction if the intent is just to route traffic from external to internal and internal to external for any IP you aren't load balancing on the F5.
- Franky-frank-reg7, Oct 12, 2023, Altocumulus
Perfect, thanks Paulius.
Last question before we test this is -- how do we designate which interface is external?
Currently, all traffic default routes to a GW IP that is available out of one of my self IP interfaces. I would imagine this would be my external interface?
- Paulius, Oct 13, 2023, MVP
Franky-frank-reg7 External and Internal are just common names that most people use when configuring F5s in path. Your external VLAN/interface would be whichever interface is in the subnet that you point your gateway to for your default route out, typically denoted by a 0.0.0.0/0 route.
- Franky-frank-reg7, Dec 12, 2023, Altocumulus
Thank you, the solution worked. We went with the option 1 inline VS with forwarding IP VIP to cover non-LTM proxied traffic.