no restriction between vlans behind F5

Question

I have many vlans direct connect to F5 LTM, default forwarding VS is configured to allow external communication to the published services behind F5.
is there a way to isolate vlans behind F5 not to be able to communicate with each other except with access list or policy?&nbsp;

amine_kadimi · Answer

F5 is a default deny device so unless you explicitly allow it, any flow between directly connected VLANs will not pass through.&nbsp;
In your forward VS settings, make sure you didn't allow it to listen on all VLANs. For this, you need to set the "VLAN and Tunnel Traffic" parameter to Enabled on your external vlan only.&nbsp;

amine_kadimi · Answer

In your forwarding VS set "VLAN and Tunnel Traffic" to vlan 100&nbsp;

vijay_e · Answer

If you have multiple server vlans behind the F5 and need to control access between the multiple server vlans, you can explore a few options:&nbsp;
Packet Filters - No licensing fee but these are not stateful from my understanding. Route Domain - No licensing fee but management &amp; troubleshooting can get complicated.AFM Module - Stateful and easy to manage but you would have to pay for extra licensing.

Forum Discussion

no restriction between vlans behind F5

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

License activation

Syslog server not visible in GUI

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

F5 iRule Geolocation restriction

Irule for restricting access

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS