For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kas21_201796's avatar
kas21_201796
Icon for Nimbostratus rankNimbostratus
May 12, 2015

Multihomed F5 bypassing Firewall

I am new to F5 and am helping replace/update our current configuration that we use for ActiveSync. Currently we have one F5 running APM that does authentication and SSL termination in the DMZ and a ...
design
security
Max_Q_factor's avatar
Max_Q_factor
Icon for Cirrocumulus rankCirrocumulus
May 12, 2015

By default the F5 initiate server side traffic based on the routes in the routing table (including local subnets).

 

If you would like the F5 to have the traffic from the DMZ interface routed differently, may I suggest asking your sales engineer about vCMP, or looking into setting up a seperate route domain for the DMZ interface Manual Chapter: Working with Route Domains.

 

vCMP is similar to creating virtual machines on F5 hardware, and route domains are similar to a single box MPLS layer 3 VPN (VRF in Cisco / Juniper terms) for layer 3 separation. Both options may take considerable time and effort to plan and implement, but if you require layer 3 or higher seperation this is where I would look first.