Forum Discussion
Nathan_67739
Nimbostratus
Jan 15, 2010
Forcing "routed" traffic back to gateway
We currently have an LTM 3600 (running 10.0.1), set up in a router-on-a-stick model (VLAN-based network with backend servers and VIPs logically, but not physically, behind the LTM).
We a...
Hamish
Cirrocumulus
Jan 18, 2010
Posted By Nathan on 01/16/2010 4:44 PM
Something else just occurred to me. We have a 'default forwarding' virtual server, set up as a 'Forwarding (IP)' type virtual server with a 0.0.0.0 addr and mask. Could this be done differently to tell the LTM "don't forward between subnets, only between the subnet and the gateway"?
Yes.
You set the destination for the default network VS as a pool. And the pool member(s) just happen to be the gateway. I do this where a single F5 is used for a number of DMZs between the firewall and the DMZs themselves. In this way any traffic between subnets is forwarded via the gateway (firewall), and not direct.
I normally set the allowed VLANs as well just to make sure that traffic inbound on some interfaces is treated slightly differently (e.g. traffic TO the subnets doesn't want to match the default VS, so the allowed VLANs are set to just the subnets behind the F5).
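A sketch of the setup described in the reply above, as an added example that is not part of the original posts: a wildcard virtual server that uses a pool containing only the gateway, limited to the VLANs behind the F5. It assumes a BIG-IP version managed with tmsh; the object names, the gateway address 192.0.2.1 and the VLAN names are constructed placeholders.

```tmsh
# Added example. All names and addresses are constructed placeholders.

# Pool whose only member is the gateway (the firewall). Port 0 means any port.
create ltm pool gateway_pool members add { 192.0.2.1:0 } monitor gateway_icmp

# Wildcard virtual server that hands matching traffic to the gateway pool
# rather than forwarding it directly between subnets.
#   translate-address / translate-port disabled: the original destination is kept
#   vlans-enabled + vlans: only traffic arriving on the listed VLANs matches
create ltm virtual default_outbound_vs destination 0.0.0.0:0 mask 0.0.0.0 ip-protocol any profiles add { fastL4 } pool gateway_pool translate-address disabled translate-port disabled vlans-enabled vlans add { dmz1_vlan dmz2_vlan }

# Review the result, in particular the vlans list and the pool reference.
list ltm virtual default_outbound_vs
list ltm pool gateway_pool
```

Leaving the gateway-facing VLAN out of the `vlans` list is what keeps traffic headed to the subnets from matching this virtual server.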