Forum Discussion
omar05_132659
Nimbostratus
NimbostratusOutbound IPs for mail and navigation traffic
Hello friends,
Yes, I know it is a basic question, but I need help due to I am new in F5 deployments. Please..! I'd appreciate any help you provide.
I was given two pools of public IPs. One...
You can have a the second SNAT Pool with your three public IP addresses attached to a 0.0.0.0:* Virtual listening on your internal VLAN to handle outgoing traffic.
If you only have on mail server then you will only have one virtual to point to it. Unless you need a mail server endpoint in each ISP VLAN? Then just create three virtual's, each attached to an external ISP's VLAN, using the same mailserver pool. That handles the incoming traffic. For outbound traffic from the mail server use a 0.0.0.0:25 virtual on the inside VLAN with the first SNAT pool.
Kevin_Davies_40
Nacreous
NacreousWithout a better picture of what the F5 installation looks like it is difficult to give a detailed response. Is your F5 the default path out of your network to the Internet? Where is your mail server, in the DMZ? Are there multiple mail servers and do you want to load balance to them from the Internet or you just want to pass mail onto them individually?
The simplest suggestion is to create virtual's for each direction, eg apply them to the relevant listening VLAN only. Then you can control which SNAT pools are applied as the traffic leaves the F5. But again this depends if you have multiple interfaces configured, eg seperate inbound, outbound, DMZ?
Given you have a requirement for outbound traffic then the 0.0.0.0:* virtual listening on the inside VLAN would use SNAT pool 2 and the 0.0.0.0:25 virtual listening on the DMZ VLAN would use SNAT pool 1. However you would have to reserve at least a few public IP addresses for virtual servers on the outside.