Forum Discussion

Nimbostratus

Aug 27, 2013

Forwarding VIP

Hi, I need a solution for a VIP, which will securely proxy traffic from my DMZ to LAN (via middle network where F5 lives), as direct communication is prohibited. The goal ultimately is to have ...

Admin

Aug 27, 2013

would need more details to be helpful. what protocol? you can have a standard 0.0.0.0: vip and could apply an iRule w/ a datagroup or a sideband service that has the list of internal IPs allowed and use a simply forward statement. WRT to security of a forwarding vip or a standard vip-there's no difference in security posture. Standard vip just needs a destination, whereas a forwarding vip will consult the routing table. You can do more with a standard vip wrt to security because you can apply profiles to get at the higher layers, but "just as" is no more secure than a forwarding vip.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)