Forum Discussion

Martyfish
Aug 15, 2025

Inter Vlan Routing

Hopefully someone can shed some light on a vlan routing issue I am having.

I have two internal vlans: vlan 4094 and Vlan 40. Both are going to my internal interface 11.0. 4094 is untagged and 40 is tagged.

I have internal servers that need to use the F5 as the gateway as they need source address and cannot use x-forwarded. 

Server 1: on vlan 40 and all traffic is tagged from the switch to the F5, ip 10.10.41.50

Server 2: on vlan 1, traffic is untagged, ip is 10.10.10.50

I have a forwarding virtual server that is enabled on the external Vlan.

The issue I am having is that Server 1 can see Server 2 and I need these isolated from each other.

 

3 Replies

  • Hello Martyfish

    For Vlan 40 to have the F5 as its default gateway, I suppose you also have a Forwarding VS for Vlan 40.
    So in this VS you could apply an iRule dropping traffic from Server1 to Server2.

    For example:

    when CLIENT_ACCEPTED {
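        set src [IP::client_addr]
        # In CLIENT_ACCEPTED no server-side connection exists yet, so read the
        # destination the client sent to with IP::local_addr, not IP::server_addr.
        set dst [IP::local_addr]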
        
        # Block traffic from 10.10.41.50 to 10.10.10.50
        if { ([IP::addr $src equals 10.10.41.50] and [IP::addr $dst equals 10.10.10.50]) } {
            log local0. "Blocking $src -> $dst"
            reject
        }
    }

     

  • Martyfish, please keep in mind that while the recommendation from Injeyan_Kostas will absolutely work, it will most likely not pass compliance checks, and you will most likely have to use the AFM module as well to restrict this communication.

  • Hello Martyfish

    Thank you so much for posting to our community. I see your post has been up for some time with no update and I'd like to encourage you to provide an update. Whether it be from the responses or if you have found the answer outside of DevCentral we would also like to see that posted. Marking a post as solved with the details will help you and other members that may have the same questions in the future. 

     

    Thank you for being a part of our DevCentral community!

    -Melissa