Internal to External Flows

Question

Hi, 
&nbsp;  
&nbsp; Can anyone confirm how LTM handles flows from internally defined nodes which use the LTM as its gateway. 
&nbsp;  
&nbsp; For example a web server that needs to communicate to an NTP or DNS server logically on the external side of the LTM. Does any configuration need to be done in order to achieve this. 
&nbsp;  
&nbsp; Regards 
&nbsp;  
&nbsp; Miron

dennypayne · Answer

Yes, LTM is a default deny device.  You either need to SNAT or NAT internal connections to an external IP address, or use a wildcard forwarding virtual server (0.0.0.0:0) to allow the traffic in and out.  If any NetBIOS is involved the NAT/SNAT method probably won't work, so I tend to prefer the forwarding virtual method.  When using that, the LTM's gateway will likely need a static route to the network behind LTM pointing to the LTM's external address (floating address for redundant pairs).  
&nbsp;    
&nbsp;  Denny

miron_du_plessi · Answer

Thanks Mate, 
&nbsp;  
&nbsp; Was very useful. 
&nbsp;  
&nbsp; Miron 
&nbsp;  &nbsp;

Forum Discussion

Internal to External Flows

Recent Discussions

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

XC Bot defense question

Big-IP not recognized by Big-IQ

Related Content

Redirecting to an external site when the internal site is down

External and Internal DNS on same appliance

Create isolated environment for internal and external networks

F5 Distributed Cloud Network Firewall Rule Evaluation and Packet Flow

BigIP 5200 traffic flow

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS