For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SP_266134's avatar
SP_266134
Icon for Nimbostratus rankNimbostratus
Sep 02, 2016

F5, virtual ip address port create irules for nated address.

Hi guys, I have created a vip and 10.xxx.xxx.xxx address. this is a nated address. I assign to the vip which is monitoring two nodes wiht http monitor on it. All appears green When i browse to the individual iis pages on the server they work fine. when i hit 10.xxx.xxx.xxx ip it does not resolve anything.

 

I was reading some where to create a i rule https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-datacenter-firewall-config-11-1-0/6.html

 

i tried creating irule :iruleslist /create and gave irule1 name and copied the below statement. allow src 10.xxx.yyy.yyy/24 port 80 dst 10.xxx.xxx.xxx port 80 deny all

 

i get error : Rule [/Common/irule-1] error: /Common/irule-1:1: error: [undefined procedure: allow][allow src 204.170.0.0/24 port 80 dst 204.170.25.11 port 80 deny all] What is wrong in this.? can some one point me in the correct direction.

 

regards Sunil

 

application delivery
LTM

2 Replies

  • SP_266134's avatar
    SP_266134
    Icon for Nimbostratus rankNimbostratus
    Sep 02, 2016

    telnet,ping and tracert the VIP address shows could not open the connection to the host on port 80.

     

  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Sep 02, 2016

    If you are not able to ping the VIP, something is wrong with the routing. I would recommend checking that first. Where do you have the NAT configured - on a firewall in front of the F5 ?