Limiting Service that pass through F5

Question

Hi,&nbsp;I have a question about creating VS service traffic separation.so, i have 2 server and i install an application that runs multiple service on those server ( like http, https, and smpt ), and i want to do the load balance.the problem is that i want all users access http and https through F5, but if they need smpt service they will not through F5.Here is the illustration for it :&nbsp;you can see the topology above, let me explain it,i have a firewall, it carry the NAT service, that translate the virtual server ip to ip public, and then there's F5 that translate the Virtual Server IP to the Server's real private IP,So, let me clear it, the traffic from public is : User - Firewall ( 1.1.1.1 to 10.10.10.10.) - F5 (10.10.10.10 to 192.168.1.1 ) - Server (192.168.1.1)&nbsp;Is there any command in iRule that can make it happen?(NB : user access the server via domain, so address 1.1.1.1 to example.com)

aaperson · Answer

These are the basic steps:1) Create Nodes2) Create Pool3) Add Members to Pool 3a) A Member is a Node with port4) Create Virtual Server4a) Add Pool to Virtual Server&nbsp;Roughly speaking, if Member 192.168.140.1:80 exists in a Pool and 192.168.140.1:443 does not, then the Virtual Server will answer to port 80 traffic, but not answer to port 443 traffic. If 192.168.140.1:25 doesn't exist in the Pool, then the Virtual Server won't answer to port 25 traffic.&nbsp;Good luck!&nbsp;&nbsp;&nbsp;

bianca_s · Answer

sorry i forget explain something, this is the right topology :so it's a public server, and the nat ip is on the firewall, the firewall translate it to IP VS in F5, then F5 translate it to the real ip.So how can i separate the traffic between the services? is there any iRule command that i can use?

m_2 · Answer

HI, &nbsp;It all depends on the Virtual setup and the members you configure.you can create 3 different virtuals for https/http/smtp1 Virtual-HTTPs    -- Member1:443 Member2:443 2. Virtual-HTTP   -- Member1:80   &amp; Member2:80 3. Virtual-SMTP  -  Member1:25 &nbsp;&nbsp;&nbsp;

Forum Discussion

Limiting Service that pass through F5

3 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

iRule Approach to Mask Authorization Header for Bot Defense Logging – Validation Needed

F5 Device Management Certificate renewal

Changes to DO and AS3 GitHub - no longer monitored

BIGIP VE - SSL acceleration with Intel QAT

Big IP licensed with wrong Base Registration Key

Related Content

AI Token Limit Enforcement

Rate limiting WebSocket messages for Agents

SSL Orchestrator Service Extensions: DoH Guardian

F5 Container Ingress Services (CIS) deployment using Cilium CNI and static routes

F5 Distributed Cloud (XC) Custom Routes: Capabilities, Limitations, and Key Design Considerations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS