Forum Discussion

Nimbostratus

Dec 04, 2019

LTM: Moving from one armed setup to fire-walled interfaces

Hey all, question for you regarding the arhtecture of the F5 and ways to set it up. In my current role, I didn't setup our LTM VE. Our LTM sits off an ASA and has multiple VLANs behind it. The proble...

Lee_Sutcliffe

Nacreous

Dec 04, 2019

your solution will work but you’ve built your self an overly complex network with servers having different default gateways not being ideal.

If I were you, I would move the three VLANs to the FW, and route to them using a transit VLAN.

Your F5 doesn’t need to be directly connected to a VLAN in order to connect to your pool members.

Simply add routes to the three VLANs on the F5, pointing towards the FW and ensure auto-snat is enabled and that’s all you need to do.

With this solution your servers will all have the same default gateway of your firewall.

Return traffic to your F5 will route via the transit VLAN as source IP would be a self-IP of the F5 on the transit VLAN.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

LTM: Moving from one armed setup to fire-walled interfaces

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Issue with IIS and Client Component Service Load balancing

Syslog Filter Configuration for Separating Audit and LTM logs.

Use F5 APM as Forward Proxy

Forward proxy with SSL passthrough - SWG license required?

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Related Content

How to move a BIG-IP VE license

Application Programming Interface (API) Authentication types simplified

Moving Target

Shape Security and Volterra moving to F5 Distributed Cloud Services

Moving from Viprion to rseries

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS