Persistance thru multiple NAT's and F5's

Question

I inherited a design where public IP comes thru the External FW to DMZ F5. Public IP is a VIP with a pool member IP that is private IP. That Private IP is NAT'd to internal F5 VIP (on another FW). Internal F5 has the real pool members behind it. &nbsp;
SSL bridging happens on DMZ F5 to internal F5 VIP. Internal F5 then uses http to talk to backend servers.&nbsp;
The issue is persistence, since only internal F5 knows real backend servers, and all IP's to Internal F5 will have same DMZ F5 IP, how would this be set up?&nbsp;
We've seen when both backend member are online, the packet will go to wrong backend server that doesn't have the session and thus error. If only one backend server is up, no issues.&nbsp;
Currently SSL persistance is the default.&nbsp;
Thx &nbsp;

simon_blakely · Answer

You should use Cookie Persistence or universal persistence on the application Session ID.&nbsp;
K83419154: Overview of cookie persistence&nbsp;
K7392: Overview of universal persistence&nbsp;

Forum Discussion

Persistance thru multiple NAT's and F5's

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

BIG-IP AFM設定例-NAT

Setting up persistence in F5 XC

NAT for specific IPs

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

SOCKS5 SSL Persistence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS