Forum Discussion
GTM bring down gateway firewall
My GTM is a 20xx model. Occasionally, it brings up a lot of internet connections (77k sessions) to TCP/53 targeting 173.245.58.100. This may jam my gateway firewall. What type of traffic is that, and can this be avoided? In addition, my SI tells me that traffic between the GTMs must go through the traffic interface. We would prefer to go through the management interface via our WAN connection instead of the Internet. How can we configure this?
6 Replies
Well, a simple Google search reveals that that IP belongs to abby.ns.cloudflare.com, which is a DNS server from Cloudflare. As port 53 is usually DNS traffic, this makes sense.
You probably configured that IP yourself, perhaps as one of the local DNS servers, or as one of the servers you transfer or get a DNS zone from?
You can use management routes to send traffic via the management interface:
http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13284.html
- HX_TL_143556
Nimbostratus
Sorry, I am new to F5. My service provider set up F5 based on my requirements. Based on their feedback, none of the configuration will make F5 initiate DNS traffic to that 173.245.58.100. Based on the design, we have 2 F5 GTM devices installed (one for each site / location, each having its own internet access; both sites are interconnected with our WAN connection, not through the internet). GTM should only answer internet DNS queries for our company domain. And our internal DNS server has IP 10...*.
How can we troubleshoot such a connection problem? In addition, can we configure both GTMs to sync via the management port, which is on our local WAN-connected LAN, instead of going through the default data port with a route through the firewall and the internet?
- HX_TL_143556
Nimbostratus
One more hint is that "a lot of internet connections (77k sessions) to TCP/53 targeting 173.245.58.100" occurred occasionally - a couple of days after we went live with both GTMs in production.
- Cory_50405
Noctilucent
About the DNS connections out to Cloudflare: is your GTM configured to do recursion? Perhaps another host or hosts are trying to use your GTM as a recursive DNS resolver.
- HX_TL_143556
Nimbostratus
How do I check whether my own GTM is configured to do recursion or not? I have checked the firewall log and found no hint of an external / internet host having DNS query traffic that would use my GTM as a recursive DNS resolver.
Try with nslookup or dig and do a query towards your GTM for an external domain, e.g. www.google.com.
Also, this was apparently set up for you by another party; why not engage them to look at this?
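An added example (not from any poster in this thread) of the firewall-log check described above: a Python script that groups outbound port-53 connections by source, destination and protocol and flags any flow whose connection count inside a time window exceeds a threshold, so a burst like the one reported shows up with the host that initiated it. The key=value log format and the sample lines are constructed for the example; only the 173.245.58.100 destination comes from the thread.

```python
"""Flag bursts of outbound DNS connections in firewall logs."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines in a generic key=value format (not any vendor's real syntax).
# 192.0.2.10 stands in for the GTM's data-plane address.
SAMPLE_LOG = """\
2015-03-02T10:00:00Z action=allow proto=tcp src=192.0.2.10 dst=173.245.58.100 dport=53
2015-03-02T10:00:00Z action=allow proto=tcp src=192.0.2.10 dst=173.245.58.100 dport=53
2015-03-02T10:00:01Z action=allow proto=udp src=192.0.2.10 dst=198.51.100.53 dport=53
2015-03-02T10:00:01Z action=allow proto=tcp src=192.0.2.10 dst=173.245.58.100 dport=53
2015-03-02T10:00:02Z action=allow proto=tcp src=192.0.2.11 dst=203.0.113.5 dport=443
2015-03-02T10:00:02Z action=allow proto=tcp src=192.0.2.10 dst=173.245.58.100 dport=53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=\S+ proto=(?P<proto>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_dns(lines):
    """Yield (timestamp, proto, src, dst) for every connection to port 53."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["dport"] == "53":
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["proto"], m["src"], m["dst"]


def dns_bursts(lines, window=timedelta(seconds=60), threshold=1000):
    """Return {(src, dst, proto): peak count} for flows whose connection count
    within any `window` reaches `threshold`. Keeping proto separate matters:
    DNS normally rides UDP, so a TCP/53 burst points at zone transfers,
    truncated-response retries or an abnormal client rather than ordinary lookups."""
    buckets = defaultdict(list)
    for ts, proto, src, dst in parse_dns(lines):
        buckets[(src, dst, proto)].append(ts)
    alerts = {}
    for key, times in buckets.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


if __name__ == "__main__":
    # Low threshold so the six constructed lines produce an alert.
    for (src, dst, proto), n in dns_bursts(SAMPLE_LOG.splitlines(), threshold=3).items():
        print(f"{src} -> {dst} {proto}/53: {n} connections in window")
```

Run against a real export with the default threshold and 60-second window to find the source address behind a 77k-session burst, and whether it is the GTM itself or a host using it as a resolver.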