How to redirect outbound traffic to 2 ISP links

Question

Hi,We have (LTM,GTM) , Can we implement LTM &amp; GTM behind the firewall? and if yes ,how the LTM can monitor the 2 ISP links on the firewall? is it by using transparent monitoring?

paulius · Answer

If the firewall is the edge and has 2 ISP connections but only a single inside connection I'm not entirely sure if it would be possible to balance the two ISP connections since the F5s next hop is the firewall. If you could provide your topology it might help come up with a solution.

logan92 · Answer

Here is the digram&nbsp;

michael_saleem · Answer

This may work:
# Create transparent gateway ICMP health check monitor to monitor external IP (in this case Google DNS server) 
create ltm monitor gateway-icmp MON-GATEWAY-ICMP-ISP destination 8.8.8.8:0 transparent enabled

# Create pool containing both ISP router IPs
create ltm pool POOL-OUTBOUND load-balancing-mode round-robin members add { &lt;ISP1 ROUTER IP&gt;:0 &lt;ISP2 ROUTER IP&gt;:0 } monitor MON-GATEWAY-ICMP-ISP

# Create FastL4 virtual server
create ltm virtual VS-OUTBOUND destination 0.0.0.0:0 mask 0.0.0.0 pool POOL-OUTBOUND profiles add { fastL4 } source-address-translation { type automap } translate-address disabled translate-port disabled

paulius · Answer

This does seem like it should function the way you would like with the exception of the health monitor. Keep in mind that with that monitor you're only monitoring the interface on the firewall rather than the connection from the firewall to the ISP so if routing is not functioning between the firewall and the ISP or the ISP has any routing issues that will not be detected.

michael_saleem · Answer

Since it's a transparent monitor, wouldn't the health monitor be checking the reachability from the F5's self IP via each ISP router to Google's public DNS server (8.8.8.8) and hence, this would verify that traffic using each ISP was working?

Forum Discussion

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

F5 System Scanner - How I deployed it at scale

What configuration issue am I experiencing with this 130-domain VS ?

Ivanti MDM Core & F5 LTM/ASM with mTLS

F5 BIGIP & XC certbot plugin

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

Related Content

F5 HTTPS Redirect 2025

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Distributed Cloud - Traffic Steering based on Client IP Address

SSL Orchestrator Advanced Use Cases: Outbound SNAT Persistence

Lightboard Lessons: SSL Outbound Visibility

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS