Forum Discussion
Adding a static route in BIG IP
I want to add a static route in my BigIP, but this route should stay after rebooting.
I suppose that I need to add this route in a specific file!
If yes, where can I find the file to add this route, please?
Thank you
4 Replies
- nathe
Cirrocumulus
Darshan,
I've never come across it in the wild. My only thought is if you had a network standard virtual server but within that range there was 1 address you wanted to deny, you could set up a reject VS, as this would take precedence over the network VS.
N
- swo0sh_gt_13163
Altostratus
Nice one Nathan,
Thank you for this example. Can anyone think of anything else?
Regards,
Darshan
If the BigDB variable TM.RejectUnmatched is set to false (can be useful if the LTM is directly connected to the internet) and the administrator wants to reject packets for specific IPs or networks, it could also be useful.
/Patrik
- swo0sh_gt_13163
Altostratus
Thank you Patrik,
However, your answer led me to think of another question: in which case can we have TM.RejectUnmatched set to false? Is there any useful case for setting this to false?
Thank you once again!
Darshan
One scenario I could think of is when placing the LTM in front of, or replacing the LTM with the external firewall. The default setting for firewalls is to drop packets not matching a rule (uses less performance and makes it a bit harder for people looking for targets on the web) whereas the LTM would answer with a reject on all unmatched packets (all IPs, all ports). To simulate the firewall behaviour you can then set the RejectUnmatched to false.
/Patrik
- swo0sh_gt_13163
Altostratus
Makes complete sense,
Thank you Patrik!
- I live to serve. :)
- Kevin_Stewart
Employee
If I may add, the LTM is a default deny device. You don't need an all-inclusive filter rule applied to say "reject if not matching an allowed IP", because that already exists in the absence of anything at all. If you don't actively create a listener - a virtual server or NAT - then the LTM won't respond to any requests. The TM.RejectUnmatched option is interesting in that it allows you to choose how packets are rejected. Set to true and LTM sends a RST. Set to false and LTM drops the request packet. In either case the request is denied.
- swo0sh_gt_13163
Altostratus
Fab Kevin! Thanks for sharing!
Much much appreciated all!