How would I securely route traffic in gateway mode so that each routed network cannot route directly to another?

Question

Hardware:  F5 LTM 2000S
I'm trying to create some default forwarders, while using partitions and not using any route domains, to forward any traffic not explicitly defined in the virtual server configuration.
The F5 LTM needs to forward all traffic to and from the subnets for which it acts as the default gateway. 
At the same time, it cannot be allowed to route traffic directly between the connected subnets. 
What configuration is needed to achieve this result?&nbsp;
&nbsp;

chris_grant · Answer

You could setup individual VLANs for each and put a network wild card forwarder on each VLAN for the traffic on that network.  So for instance:&nbsp;
VLAN: RED Virtual Server: 10.1.11.0/24:0
VLAN: PURPLE Virtual Server: 10.1.12.0/24:0
VLAN: GREEN Virtual Server: 10.2.11.0/24:0&nbsp;
That should accomplish what you want.  As the Virtual servers are only listening for traffic on those specific networks, they won't forward traffic bound for another.  Make sure you only enable them on the relevant VLAN, however.&nbsp;

Forum Discussion

How would I securely route traffic in gateway mode so that each routed network cannot route directly to another?

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Issue on connection limit

F5 Distributed Cloud Services Simulator Connect

Wireshark Plugin for TLS

F5 CIS -> NGINX Plus Ingress Controller Integration

Catch Dynamic CRL Errors and Return Friendly Page

Related Content

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more

APM-Specific Features for Securing Your Website

Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security

HTTP Multipart and Security Implications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS