Forum Discussion
mikand_61525
Jan 24, 2012
Nimbostratus
You mean that your webservers will be srcip for requests going to the internet?
And that your setup is the following?
Internet <-> Firewall (NAT) <-> F5 <-> Webservers
Well, regarding the "wildcard" server, that's mainly used when one wants the F5 to act as a regular L3 device (router, think Cisco 6500 or whatever). That is because the F5 is default block. If the packet hitting the F5 cannot be matched to any VServer (Local Traffic Manager configuration), the packet will be dropped.
For information on how to set up your F5 to act as a router: http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/52/aft/2160861/showtab/groupforums/Default.aspx2236528 (look at my postings from 01/14/2012).
So sure, you can either use:
1) Wildcard (for routing)
+
2) Specific VServer for the inbound connections (someip:TCP80)
no need for snat automap
OR you can let the F5 be part of your security infrastructure and only set up:
1) Wildcard for outgoing traffic (like 0.0.0.0:443 and even limit this to the VLAN where your webservers sit)
+
2) Specific VServer for inbound connections (someip:TCP80) and also limit this to the VLAN where your firewalls sit.
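
The two layouts described in the post above, as an added example that is not part of the original post and is not F5 code: a simplified Python model of default-block listener matching, comparing an open routing wildcard with a wildcard limited to port 443 and one VLAN. Listener names, VLAN names and addresses are constructed, and the matching rule (VLAN filter, then longest destination prefix, then specific port over any port) is an assumed simplification of real BIG-IP precedence.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VServer:
    name: str
    dest: str                          # destination network; 0.0.0.0/0 = wildcard
    port: int                          # 0 = any port
    vlans: Optional[frozenset] = None  # None = enabled on all VLANs

def match(listeners, vlan, dst_ip, dst_port):
    """Return the name of the listener that accepts the packet, or None if dropped."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [v for v in listeners
            if (v.vlans is None or vlan in v.vlans)
            and ip in ipaddress.ip_network(v.dest)
            and v.port in (0, dst_port)]
    if not hits:
        return None  # default block: no listener matched, packet is dropped
    # Assumed precedence: most specific destination first, then specific port.
    best = max(hits, key=lambda v: (ipaddress.ip_network(v.dest).prefixlen, v.port != 0))
    return best.name

# Option 1 from the post: routing wildcard plus a specific inbound VServer.
ROUTER = [VServer("wildcard_route", "0.0.0.0/0", 0),
          VServer("web_in", "192.0.2.10/32", 80)]

# Option 2 from the post: outbound wildcard limited to 443 and the webserver
# VLAN, inbound VServer limited to the firewall VLAN.
LOCKED = [VServer("wildcard_out", "0.0.0.0/0", 443, frozenset({"vlan_web"})),
          VServer("web_in", "192.0.2.10/32", 80, frozenset({"vlan_fw"}))]

# Constructed sample packets: (ingress VLAN, destination IP, destination port).
PACKETS = [("vlan_fw", "192.0.2.10", 80),     # inbound to the published site
           ("vlan_web", "198.51.100.7", 443), # webserver outbound HTTPS
           ("vlan_fw", "203.0.113.5", 22),    # firewall side, unpublished target
           ("vlan_web", "198.51.100.7", 25)]  # webserver outbound SMTP

def verdicts(listeners):
    return [match(listeners, *pkt) for pkt in PACKETS]

if __name__ == "__main__":
    for label, cfg in (("option 1", ROUTER), ("option 2", LOCKED)):
        for pkt, hit in zip(PACKETS, verdicts(cfg)):
            print(label, pkt, "->", hit or "DROP")
```
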