DeepakK_154002
Nimbostratus
Nov 26, 2014
Need help to create iRules for some policies to configure
1:- I need help to make this work.
Traffic which is coming from proxy/10.16.1.241 iron port (Internal). For that traffic Http/ps/dns allowed, rest denied.
2:- For these Internal users 10.16.2.1/10.1...
Vernon_97235
Dec 05, 2014
Historic F5 Account
For the first one, you would need to create a forwarding VS with all protocols enabled. Then, for the VS "source", set it to 192.168.0.1, and set VLANs Enabled On your DMZ VLAN only. Finally apply this rule:
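    when CLIENT_ACCEPTED {
        # Drop the connection unless it is ICMP (IP protocol 1), UDP (17) to port 53,
        # or TCP (6) to a port listed in data group dg_dmz_to_external_ports_allowed.
        if { [IP::protocol] != 1 && (!([IP::protocol] == 17 && [UDP::local_port] == 53)) && (!([IP::protocol] == 6 && [class match [TCP::local_port] equals dg_dmz_to_external_ports_allowed])) } {
            drop
            return
        }
    }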
I don't really understand your second condition, I'm afraid.
Having said all of this, you really should look at using packet filters:
or better yet, add AFM:
http://www.f5.com/pdf/products/big-ip-advanced-firewall-manager-datasheet.pdf
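The following is an added example, not part of the post above and not F5 code: a Python model of the iRule's drop condition, so the resulting policy can be checked against a flow matrix before the rule is attached to a virtual server. The data group contents (80 and 443) and the sample flows are assumptions constructed for illustration; the thread does not list them.

```python
from typing import NamedTuple, Optional

ICMP, TCP, UDP = 1, 6, 17  # IANA protocol numbers, as returned by [IP::protocol]

# Assumption: stand-in for data group dg_dmz_to_external_ports_allowed (HTTP/HTTPS).
DG_DMZ_TO_EXTERNAL_PORTS_ALLOWED = frozenset({80, 443})


class Flow(NamedTuple):
    label: str
    protocol: int
    local_port: Optional[int]  # destination port at the virtual server; None if portless


def is_dropped(flow, allowed_tcp_ports=DG_DMZ_TO_EXTERNAL_PORTS_ALLOWED):
    """Mirror the iRule: drop unless ICMP, UDP/53, or TCP to an allowed port."""
    is_icmp = flow.protocol == ICMP
    is_dns_udp = flow.protocol == UDP and flow.local_port == 53
    is_allowed_tcp = flow.protocol == TCP and flow.local_port in allowed_tcp_ports
    return not is_icmp and not is_dns_udp and not is_allowed_tcp


# Constructed sample flows covering the allowed cases and the edge cases.
SAMPLE_FLOWS = [
    Flow("HTTP TCP/80", TCP, 80),
    Flow("HTTPS TCP/443", TCP, 443),
    Flow("DNS UDP/53", UDP, 53),
    Flow("DNS TCP/53", TCP, 53),
    Flow("ICMP echo", ICMP, None),
    Flow("SSH TCP/22", TCP, 22),
    Flow("NTP UDP/123", UDP, 123),
    Flow("GRE", 47, None),
]


def decision_table(flows=SAMPLE_FLOWS, allowed_tcp_ports=DG_DMZ_TO_EXTERNAL_PORTS_ALLOWED):
    """Return {flow label: 'drop' | 'forward'} for the given flows."""
    return {
        f.label: "drop" if is_dropped(f, allowed_tcp_ports) else "forward"
        for f in flows
    }


if __name__ == "__main__":
    for label, verdict in decision_table().items():
        print(f"{label:15} {verdict}")
```

With these assumed data group contents, the model shows two things worth confirming against the intended policy: all ICMP is forwarded, and DNS over TCP/53 is dropped unless 53 is added to the data group.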
- DeepakK_154002, Dec 07, 2014
Nimbostratus
Dear Vernon, the questions I asked you belong to Microsoft ISA, and I want to replace Microsoft ISA with F5. So for these settings I have to use LTM, ASM, AFM, SWGA. Am I right?