Forwarding Virtual Server, Fast L4, and TCP?

Question

We have BIPs in front of our LDAP environment.  We have a requirement to only allow connections to LDAP (port 389) through our configured virtual servers, with the exception of a list of nodes that are allowed to contact LDAP on the pool members directly.  I created a data group list (class) with the exception nodes in it, and have written the following iRule to accomplish this:&nbsp;
&nbsp;when CLIENT_ACCEPTED {
&nbsp;if { not [matchclass [IP::client_addr] equals $::ldap] } { if { [TCP::server_port] equals 389 }
&nbsp;{
&nbsp;drop
&nbsp;}
&nbsp;else {
&nbsp;forward
&nbsp;}
&nbsp;}
&nbsp;}&nbsp;
&nbsp;The syntax of the rule is ok, but the problem arises when I apply it to my Forwarding (IP) virtual server.  The TCP::server_port part requires that I have a TCP profile on my forwarding virtual server, but that's not possible since it has a Fast L4 profile.  Anybody know of a way I can write an iRule that will make my forwarding virtual server recognize the server_port?&nbsp;
&nbsp;thanks.

hoolio · Answer

citizen_elah provided a good solution here for making port based decisions on a forwarding VIP:&nbsp;&nbsp;Click here&nbsp;
&nbsp;Aaron

Forum Discussion

Forwarding Virtual Server, Fast L4, and TCP?

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

virtual server config

Check a Virtual Server's SSL Status

iRule to extract SNI and forward to Virtual Server

Virtual Server graphical App for F5 LTM

Three Ways to Specify Multiple Ports on a Virtual Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS