Forum Discussion
raytoles_75680
Nimbostratus
Sep 01, 2008
LAN and DMZ Virtual Servers
Let me start off by saying I'm totally new to F5 LTM and any other F5 product. I'm working on configuring our F5 and am lost when configuring the proper default gateway. We have 2 subnets here, one for the LAN and the other for our DMZ. A firewall sits between the two. Our F5 will contain virtual servers for both subnets.
As you can imagine, the LAN virtual servers will accept requests from workstations/servers on the LAN subnet, let's say 192.168.1.x. Our DMZ virtual servers (192.168.2.x) will accept requests by way of the internet and servers in the LAN. NATing and forwarding (internet requests) to this subnet will be done by our firewall.
With that said, how should the gateway be configured on the LTM?
  Intranet          Extranet
------------------------------
     |                 |
     |                 |
     |                 |
------------------------------
            F5 LTM
 192.168.1.x       192.168.2.x
 VLAN1             VLAN2
------------------------------
     |                 |
     |                 |
     |                 |
------------------------------
 VLAN1 Servers     VLAN2 Servers
------------------------------
- JRahm
Admin
Well, you can do dynamic gateways by using iRules, but my personal preference is to default all traffic in a DMZ to the public firewall, and enter only necessary static routes in a DMZ device toward the private firewall for internal assets. I consider the public & private side of the LTM to still be DMZ.
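One way to check a DMZ device's route table against the approach in the reply above (default route to the public firewall, only specific static routes toward the private firewall). This is an added example, not part of the thread; the gateway addresses, internal asset ranges and the `audit_routes` helper are constructed for illustration.

```python
"""Audit a route table: default via public firewall, narrow statics via private."""
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the thread).
PUBLIC_FW = "192.168.2.1"      # hypothetical next hop toward the public firewall
PRIVATE_FW = "192.168.2.254"   # hypothetical next hop toward the private firewall
INTERNAL_ASSETS = ["10.10.5.0/24", "10.10.8.16/28"]  # internal ranges the DMZ must reach

GOOD = [("0.0.0.0/0", PUBLIC_FW),
        ("10.10.5.0/24", PRIVATE_FW),
        ("10.10.8.16/28", PRIVATE_FW)]
BAD = [("0.0.0.0/0", PRIVATE_FW),     # default points inward
       ("10.0.0.0/8", PRIVATE_FW)]    # far broader than the listed assets


def audit_routes(routes, public_fw, private_fw, internal_assets):
    """Return a list of findings; an empty list means the table fits the policy.

    routes is an iterable of (destination CIDR, gateway IP) string pairs.
    """
    pub, priv = ip_address(public_fw), ip_address(private_fw)
    assets = [ip_network(a) for a in internal_assets]
    findings, defaults = [], []
    for dest, gw in routes:
        net, hop = ip_network(dest), ip_address(gw)
        if net.prefixlen == 0:
            defaults.append(hop)
        elif hop == priv:
            # An inward static route must sit inside a declared asset range.
            inside = any(a.version == net.version and net.subnet_of(a)
                         for a in assets)
            if not inside:
                findings.append(f"{net} via private firewall is not a listed internal asset")
        elif hop != pub:
            findings.append(f"{net} uses unexpected gateway {hop}")
    if len(defaults) != 1:
        findings.append(f"expected exactly one default route, found {len(defaults)}")
    elif defaults[0] != pub:
        findings.append(f"default route points to {defaults[0]}, not the public firewall")
    return findings


if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_routes(table, PUBLIC_FW, PRIVATE_FW, INTERNAL_ASSETS))
```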