Forum Discussion
LTM VE behind Sophos Firewall deployment - configuration/setup question
- Mar 24, 2023
When you use one-arm configurations you need to use SNAT on the BigIP; you can use automap or a SNAT pool.
Without this, the requests coming from the Internet to the Virtual server and the servers will not go back through the BigIP.
Your servers in this case need to have the firewall as the default gateway, so traffic they initiate will not go through the BigIP. And use a SNAT to make any reply from the server go back through the BigIP. But you probably already have this if you say you can browse a web server.
You use BigIP as the default gateway when you have dual-arm (routed mode).
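The return-path reasoning in the reply above, as an added example that is not part of the original thread: a small model of where a server sends its reply in a one-arm layout, with and without SNAT. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (RFC 1918 / RFC 5737), not taken from the thread.
LAN = ipaddress.ip_network("192.168.10.0/24")
FIREWALL_LAN_IP = ipaddress.ip_address("192.168.10.1")  # servers' default gateway
BIGIP_SELF_IP = ipaddress.ip_address("192.168.10.5")    # source used when SNAT is on
CLIENT_IP = ipaddress.ip_address("203.0.113.50")        # Internet client


def source_seen_by_server(client, snat):
    """Source address of the request after the BigIP has load balanced it."""
    return BIGIP_SELF_IP if snat else client


def reply_next_hop(dst):
    """Server routing: on-link destinations are reached directly,
    everything else is handed to the default gateway."""
    return dst if dst in LAN else FIREWALL_LAN_IP


def trace(snat):
    """Follow one reply from the server back toward the client."""
    reply_dst = source_seen_by_server(CLIENT_IP, snat)
    hop = reply_next_hop(reply_dst)
    # Without SNAT the reply goes straight to the firewall carrying the
    # server's own address as source instead of the virtual server address,
    # so it never gets translated back by the BigIP (asymmetric routing).
    return {
        "reply_dst": str(reply_dst),
        "next_hop": str(hop),
        "returns_via_bigip": hop == BIGIP_SELF_IP,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on " if snat else "SNAT off", trace(snat))
```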
Ok. Rather than the configuration I supplied above, I opted for a one-arm configuration behind my firewall. The firewall performs NAT from the public IP to the private IP of the virtual server, which is on the same network subnet as my hosts. I can successfully browse a web server from the Internet, huzzah!
Unfortunately, hosts that have the BigIP LTM VE as their gateway cannot browse out to the Internet. I added a default gateway to the VE using the firewall's LAN interface IP and I can see NTP traffic getting passed. I was also able to successfully upload a QKVIEW to iHealth from the admin web console. What am I missing?