For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

shaikhzaid's avatar
shaikhzaid
Icon for Altocumulus rankAltocumulus
Dec 01, 2024

Monitor multiple services on one service

Hi folks,

I have a server serving web/smtp services, how to monitor multiple services on f5 having one backend server ?

 

Also, which VS should I configure, to serve both services? instead of creating 2 VS with same ip but different ports.

 

Thanks

LTM

8 Replies

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Dec 01, 2024

    shaikhzaid In order to get the single VS and pool setup to work the way you would want it would be more complex compared to 2 VS's and 2 pools with the same node in it. Do you have a particular limitation that requires you to only configure 1 VS rather than a VS per application? The reason I ask is because this also introduces a greater security risk with 1 VS rather than 2 individual VS's. We should not take a path just because it seems easier without taking into consideration the overall security aspect.

    • shaikhzaid's avatar
      shaikhzaid
      Icon for Altocumulus rankAltocumulus
      Dec 02, 2024

      Thanks Paulius for the reply,

      There is no constraint with regards to configuring two different VS, however i am more interested in how the health monitor shall i configure since i have a single backend server? a tcp-half open or what?

      Also i would like to know the security risk in having 1 VS to support multiple services?

      Thanks

      • Aswin_mk's avatar
        Aswin_mk
        Icon for MVP rankMVP
        Dec 02, 2024

        Hi shaikhzaid 

         

        If your VIP is running on webport(eg:443) please configure layer 7 health check. (https or content based)

        If you vips are running on SMTP, please create a SMTP health check

         

        Please dont create tcp half open or tcp, it will impact your service (if service goes down and it allow a tcp connection, it will show vip is up and hard to troubleshoot the issue)

         

        BR
        Aswin

  • Aswin_mk's avatar
    Aswin_mk
    Icon for MVP rankMVP
    Dec 02, 2024

    Hi shaikhzaid 

     

    It's our choice, we can do with 2 different vs if you dont have ip limitations. if you have any limitation config like(example)

    10.1.1.1 : 443

    10.1.1.1:25

    if we dont have any ip issues you can crease different vips. 

    Create exact health monitoring when you add services in pool.(if smtp goes down, web will available. if web goes down , smtp service will up)

     

    BR
    Aswin

     

    • shaikhzaid's avatar
      shaikhzaid
      Icon for Altocumulus rankAltocumulus
      Dec 02, 2024

      Thanks Ashwin,

      I wanna know which health monitor to configure tcp-half open, tcp, http etc ? Since i have a single server in the backend .