Forum Discussion

Nimbostratus

Oct 21, 2019

Help with securing self ip's and forwarding virtual server for a DMZ server using non-http

I have external DNS servers on private IP's in a DMZ vlan. Normally, for servers behind the F5 we just use Automap and the servers default gateway points at the Firewall. However, we want to se...

Altostratus

Oct 30, 2019

Port Lockdown only handles traffic destined directly to the self IP, not for traffic which it would forward.

If you're not using a remote logging destination and able to see your traffic there you can simply use tcpdump from your BIG-IP device and filter on traffic from your DNS server to see which virtual server it is going through.

Something along the lines

tcpdump -i 0.0 -nn host <IP-address of DNS-server>

at the end of the line you should see something along the lines of

in slot1/tmm0 lis=/Common/your_forwarding_vs

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)