For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Shanny's avatar
Shanny
Icon for Nimbostratus rankNimbostratus
Dec 04, 2019

LTM: Moving from one armed setup to fire-walled interfaces

Hey all, question for you regarding the arhtecture of the F5 and ways to set it up. In my current role, I didn't setup our LTM VE. Our LTM sits off an ASA and has multiple VLANs behind it. The proble...
Lee_Sutcliffe's avatar
Lee_Sutcliffe
Icon for Nacreous rankNacreous
Dec 04, 2019

your solution will work but you’ve built your self an overly complex network with servers having different default gateways not being ideal.

 

If I were you, I would move the three VLANs to the FW, and route to them using a transit VLAN.

Your F5 doesn’t need to be directly connected to a VLAN in order to connect to your pool members.

Simply add routes to the three VLANs on the F5, pointing towards the FW and ensure auto-snat is enabled and that’s all you need to do.

With this solution your servers will all have the same default gateway of your firewall.

Return traffic to your F5 will route via the transit VLAN as source IP would be a self-IP of the F5 on the transit VLAN.