For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Liquid_22_54866's avatar
Liquid_22_54866
Icon for Nimbostratus rankNimbostratus
May 15, 2007

Load Balancing Question

Hi All,   The company I work for recently inherited a F5-BIG-LTM-1500 v.9.1.2. We do have a support contract but I thought I would ask this question here first as we are having issues in getting o...
microsoft
partner
Danie_Smit_1037's avatar
Danie_Smit_1037
Icon for Nimbostratus rankNimbostratus
Oct 08, 2007
Hi

 

 

The default gateway needs to point to your firewall. What you should do is enable SNAT on the LTM so that the client source IP is natted to that of the source nat IP on the F5.This wil prevent asymetric routing.It will also stop the firewall from dropping "out of state" packets when the client request and sever reply is not part of the same TCP session.

 

 

Your traffic flow should be as follows

 

 

Trafiic flow from Client to Server

 

client->Internet->router/firewall->switch->LTM Virtual-ServerIP

 

 

From the LTM to the server

 

 

LTM SNAT IP->Web Server.

 

 

The reply from the server will then be

 

 

Server->LTM SNAT IP->LTM Virtual ServerIP->Switch->Firewall and back to the client over the Internet.

 

 

Cheers

 

Danie