Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Rajesh_07_16489's avatar
Rajesh_07_16489
Icon for Nimbostratus rankNimbostratus
Apr 30, 2016

Forwarding Virtual Server

Dear All,   I am trying to access Internet from internal server whose gateway is f5's internal IP. From f5, I am able to reach gateway and inturn Internet IPs. However, I am unable to reach either...
application delivery
big-ip
LTM
Hannes_Rapp_162's avatar
Hannes_Rapp_162
Icon for Nacreous rankNacreous
Apr 30, 2016

What you'll need to do in your case is change the 0.0.0.0/0 VS from forwarding-type to fastL4 type, and attach a default pool, in which you specify the gateway of F5 (directly connected destination, via external selfIP interface).

 

  • Make sure that 0.0.0.0/0 VS is listening on the Internal VLAN from which the hosts want to access the Internet.
  • I also recommend a custom stateless fastL4 profile, instead of the default fastL4 profile for this kind of 0.0.0.0/0 VS. Have a look here for reference: https://devcentral.f5.com/questions/f5-big-ip-memory-issues
  • Rajesh_07_16489's avatar
    Rajesh_07_16489
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2016
    Thank you Hannes for your help. I tried following config, even then, there was no luck. ltm profile fastl4 my_route_friendly_fastl4 { app-service none defaults-from fastL4 idle-timeout 300 loose-close enabled loose-initialization enabled reset-on-timeout disabled } ltm virtual VS_forward { destination 0.0.0.0:any ip-protocol tcp mask any pool Gateway_pool profiles { my_route_friendly_fastl4 { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vlans { Internal } Kindly assist and thank you in advance. Regards, Rajesh
  • Rajesh_07_16489's avatar
    Rajesh_07_16489
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2016
    ltm profile fastl4 my_route_friendly_fastl4 { app-service none defaults-from fastL4 idle-timeout 300 loose-close enabled loose-initialization enabled reset-on-timeout disabled } ltm virtual VS_forward { destination 0.0.0.0:any ip-protocol tcp mask any pool Gateway_pool profiles { my_route_friendly_fastl4 { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vlans { Internal } vlans-enabled }
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Apr 30, 2016
    It's quite likely your packets are now able to reach the destination, but the response packets do not come back (you can check with tcpdump to investigate further). Assuming that's the case, my next question is if you have a forwading-type VS for the Internal network segment? If your nodes are in 192.168.255.0/24, you will need to create a forwarding-type VS for this subnet, and make it listen on the External VLAN. Additionally, the device which acts as a gateway for F5 on the External VLAN must have a destination route 192.168.255.0/24 which points to the floating external IP. Hope this will help you out.
  • Rajesh_07_16489's avatar
    Rajesh_07_16489
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2016
    I have taken pcap in the f5 and it shows that there is no return packet from the destination. Should we do anything for return route ?
  • Rajesh_07_16489's avatar
    Rajesh_07_16489
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2016
    Dear Hennes, It worked after adding return route on f5's gateway, which is very basic one, but missed it some how.... Thank you for your help and you are great!!! :)