Forum Discussion

Rohit_Singla_17
Oct 31, 2016

GTM Monitors internal LTM, but I need Public IP as Answer

Hi Team, I have a very simple setup. I need someone to answer with a tested/verified solution. Please trust that I am writing this thread after breaking my head with translation IPs / dependency lists etc.

Simple scenario:

  1. GTM is in DMZ
  2. LTM is in Core

GTM monitors the LTM and is able to discover all the VS of the LTM. All VS on the LTM are on private IPs.

Is there a way that I can keep monitoring these private-IP VS but, for wide IPs, answer with public IPs?

So is there a way where we can have a mapping of public-IP and private-IP VS?

My GTM is not supposed to go to the internet and monitor the public IP directly, so I can only monitor my LTM with private IPs, but GTM needs to answer with public IPs based on those private-IP VS.

Tested/verified tips will be very helpful.

 

3 Replies

  • Hi,

    when working with NATted IPs, GTM configuration is not optimized...

    you must not use virtual server discovery but create the VS manually in the GTM server...

    each VS must be created with the public IP as the main address and the private IP as the translation address.


  • Kevin_K_51432
    Historic F5 Account

    Hi Rohit, I believe the intention is to have GTM checking the same path as the DNS request, so probably you should point GTM to the firewall (public) and have it point back to the LTM (private). Then just set up translation. This article seems to offer some background about the reasoning.

    SOL14707: Configuring BIG-IP DNS server objects for BIG-IP devices that reside behind a firewall NAT

    https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14707.html

    This seems a frustrating topic for sure!

    Kevin

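The two replies above describe the same fix in words: a hand-built GTM server object whose virtual servers carry the public (NATted) address as the destination and the private address as the translation, with discovery turned off. The tmsh configuration below is an added example written for this thread, not something posted by either author or taken from SOL14707. Every name and address in it is an assumption: the firewall is taken to publish the LTM self IP 10.0.0.5 as 203.0.113.5 and the VS 10.0.1.10:443 as 203.0.113.10:443, and the GTM and LTM are placed in one data center object so that GTM probes the translation address from inside the site (the documented same-data-center behaviour; confirm it against the release notes of the version you run). Object keywords follow the v11.5+ tmsh schema and should be checked with `tmsh list gtm server` on the live box before copying.

```tmsh
# Added example, not from the original thread. All names and addresses are assumptions.
# Firewall NAT assumed: 10.0.0.5 -> 203.0.113.5 (LTM self IP), 10.0.1.10:443 -> 203.0.113.10:443 (VS).

# One data center holding both the GTM and the LTM, so GTM probes the translation (private) side.
create gtm datacenter dc_site1

# Server object for the LTM. Public address is the main address, private address is the translation.
# Discovery is disabled so the private-only VS list is not re-learned over the manual entries.
create gtm server ltm_core {
    datacenter dc_site1
    product bigip
    monitor bigip
    virtual-server-discovery disabled
    devices add {
        ltm_core.example.net {
            addresses add {
                203.0.113.5 { translation 10.0.0.5 }
            }
        }
    }
    virtual-servers add {
        vs_www_443 {
            destination 203.0.113.10:443
            translation-address 10.0.1.10
            translation-port 443
        }
    }
}

# Pool and wide IP. The pool member is the server:virtual-server pair; the DNS answer
# is the member's destination (public) address, never its translation address.
create gtm pool a pool_www {
    members add { ltm_core:vs_www_443 }
}
create gtm wideip a www.example.net {
    pools add { pool_www }
}

# Checks after saving: VS availability as learned over iQuery, and the member the pool hands out.
show gtm server ltm_core virtual-servers
show gtm pool a pool_www members
save sys config
```

From a client, resolving www.example.net against the GTM listener should return the destination address 203.0.113.10, while `show gtm server ltm_core virtual-servers` reflects monitoring performed toward 10.0.1.10. If a second GTM sits in a different data center, the same server object will instead be probed at 203.0.113.10, which is the "same path as the DNS request" effect Kevin refers to.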

  • The virtual servers should be on public IP addresses or should at least be reachable on the public IP. I can't see how it would work if you had a virtual server on a private IP address but the GTM was returning a public IP address. Clients performing the DNS lookup would be trying to connect to a public IP address which isn't the same address as the virtual server. The virtual server IP address is the address normally returned by the GTM.

    You can choose to have a fallback IP address returned or create a fancy iRule for creating a "fake" response, but best practice would be to have the GTM returning the same IP address as the virtual server so end clients can connect to the requested service being looked up in DNS.