Alexander_Lutsi
Nimbostratus
Jul 30, 2007

One-IP topology question

I wonder if anybody can share insight on LTM placement scenarios? I currently have the BigIP placed behind the firewall and directly in front of the servers. I do have some concerns with this:

 

1. Admin access from the Trusted segment has to go via the LTM; I had some issues with this along the way.

 

2. I'd like to maintain another level of security between the LTM and the App machines, since there'll be no level of Reverse Proxies. Click here

 

 

I'm looking to create a One-IP configuration with the LTM sitting in the DMZ and using SNATs for incoming traffic. I guess I can use iRules to make different SNATs based on incoming Virtual Servers and PORT (correct me if I'm wrong). Here's how it'll look: Click here

 

 

Unfortunately, I don't have a lot of experience with LTM products and can't see any problems with this config off the top of my head. Would anybody have concerns/insight about this topology?

 

  • Deb_Allen_18
    Historic F5 Account
    Instead of using iRules, I would create 3 snatpools, one containing each SNAT address, then apply them to each of the 3 virtual servers. (snatpool may be added to the virtual server configuration on the Virtual Server Configuration page if you select "Advanced".)

     

     

    HTH

     

    /deb
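
The reply's approach (one SNAT pool per virtual server instead of an iRule) as command-line configuration. This is an added example, not part of the original thread; it assumes tmsh syntax from BIG-IP v11 and later, and the object names and addresses are placeholders.

```tmsh
# Constructed example: names (snatpool_app*, vs_app*) are hypothetical and
# the addresses come from the RFC 5737 documentation range.
# Assumption: tmsh on BIG-IP v11 or later; the thread itself predates tmsh.

# One SNAT pool per application, each holding a single translation address.
create ltm snatpool snatpool_app1 members add { 192.0.2.11 }
create ltm snatpool snatpool_app2 members add { 192.0.2.12 }
create ltm snatpool snatpool_app3 members add { 192.0.2.13 }

# Attach each pool to its own virtual server. This is the command-line
# counterpart of setting the SNAT pool on the virtual server's "Advanced" page.
modify ltm virtual vs_app1 source-address-translation { type snat pool snatpool_app1 }
modify ltm virtual vs_app2 source-address-translation { type snat pool snatpool_app2 }
modify ltm virtual vs_app3 source-address-translation { type snat pool snatpool_app3 }

# Confirm which translation each virtual server now uses.
list ltm virtual vs_app1 source-address-translation
list ltm virtual vs_app2 source-address-translation
list ltm virtual vs_app3 source-address-translation
```

With a distinct source address per virtual server, a firewall between the LTM and the application machines can permit each SNAT address only to its own servers and ports. The servers see the SNAT address rather than the client address, so client-level logging has to come from the LTM or from a header it inserts.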