For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

js_168189's avatar
js_168189
Icon for Nimbostratus rankNimbostratus
Feb 28, 2019

Health Check when VIP and Node in different VLANS

I have an VIP in one VLAN 192.168.30.x that is a VLAN/DMZ behind a firewall The Nodes for that VIP are in another VLAN/DMZ interface behind the same firewall but different DMZ interface 192.168.10.X ...
application delivery
LTM
Michael_Saleem's avatar
Michael_Saleem
Icon for MVP rankMVP
Feb 28, 2019

This behaviour does indeed sound correct.

 

The F5 sends health monitor probes from its non-floating self IP on the egress VLAN (i.e. the VLAN on the F5 facing closest to the pool member). Since your pool members sit behind the firewall and not the F5, it will be sourcing the health probes from the front-side VLAN (i.e. Firewall-DMZ-30 - 192.168.30.5) and sending it to the upstream next hop which is the firewall (192.168.30.1). The firewall will then route the traffic to the nodes on Firewall-DMZ-10 - 192.168.10.x