Forum Discussion
Redirect office 365 from virtual server direct to internet
Hi All,
I have one virtual server and all traffic will come to it. Then I will direct traffic to the pool behind that virtual server, which consists of two BlueCoat proxy devices. All traffic except for O365 needs to go to the BlueCoat servers, and O365 needs to go straight to the Internet.
I am trying to use this iRule and data group list for Office 365 (for the test I use some other IP):
    when CLIENT_ACCEPTED {
        if { [class match [IP::remote_addr] equals o365_list] } {
            # default_gw is the GW of the firewall
            node default_gw
        } else {
            pool Pool_BC
        }
    }
I attached this iRule to the virtual server and added the proxy setting to the client PC. HTTP traffic works normally, but the redirection for www pages which are in the data group list still goes to the proxy, not direct to the Internet.
Thanks for advice and any idea.
Add some logging to the iRule to make sure it actually decides to send traffic to the default gateway.
- jpersin_288375Nimbostratus
I did debug, but traffic goes to the pool. Maybe the problem is with the data group. I use strings in data groups because I write wildcard addresses like *.onedrive.com.
    ltm data-group internal Office_redirect_string {
        records {
            \*.onedrive.com {
                data *.onedrive.com
            }
        }
        type string
    }
Thanks for any idea
- Lee_SutcliffeNacreous
You are using [IP::remote_addr] in the client side context, this will return the client IP, not the IP address of the destination (O365).
Additionally your datagroup contains strings and wildcards. Your iRule will not do a DNS lookup so you will always go into the else condition and go to the pool.
If you want to use domain names (requesting host header) to identify the destination, you should build your datagroup like this:
    ltm data-group internal Office_redirect_string {
        records {
            onedrive.com { }
        }
        type string
    }
And use an iRule like this:
    when HTTP_REQUEST {
        if { [class match [string tolower [HTTP::host]] contains o365_list] } {
            node default_gw
        } else {
            pool Pool_BC
        }
    }
- jpersin_288375Nimbostratus
Hello:
Here is datagroup config:
    ltm data-group internal Office_redirect_string {
        records {
            \*.24ur.com { }
            \*.microsoft.com { }
            \*.onedrive.\* { }
            \*.onedrive.live.com { }
            www.avto.net { }
            www.najdi.si {
                data www.najdi.si
            }
            www.pristavec.si { }
            www.rtvslo.si {
                data www.rtvslo.si
            }
            www.smart-com.si { }
            www.telprom.si {
                data www.telprom.si
            }
        }
        type string
    }
I think that the redirected traffic goes to the GW, but why doesn't the web page open?
- Lee_SutcliffeNacreous
Please update your datagroup so it looks like this. Microsoft requests were not going into the 'if' condition as datagroups do not parse wildcard characters (*).
    ltm data-group internal Office_redirect_string {
        records {
            24ur.com { }
            microsoft.com { }
            onedrive { }
            avto.net { }
            najdi.si { }
            pristavec.si { }
            rtvslo.si { }
            smart-com.si { }
            telprom.si { }
        }
        type string
    }
- jpersin_288375Nimbostratus
OK, thanks, but I don't know why sites which are redirected do not open in the client. Other pages which go to the proxy work, but the ones which are in the data group do not work.
- Lee_SutcliffeNacreous
The forwarding probably isn't working as you've defined a pool member to 'forward' to. F5 by default will translate destination IP address to that of the pool members. You'll probably find your firewall is dropping traffic.
To get round this you have two options, disable address translation:
    when HTTP_REQUEST {
        if { [class match [string tolower [HTTP::host]] contains o365_list] } {
            translate address disable
            node default_gw
        } else {
            pool Pool_BC
        }
    }
Or... if your default gateway for your F5 device points out towards your firewall (and therefore internet) you can just use the forward command. This bypasses load balancing and disables address translation:
    when HTTP_REQUEST {
        if { [class match [string tolower [HTTP::host]] contains o365_list] } {
            forward
        } else {
            pool Pool_BC
        }
    }
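Added example, not part of the original thread or of F5's own code: because `contains` matches a record anywhere in the Host header, a short record such as `onedrive` or `microsoft.com` also sends hosts that merely include that text straight past the proxy. This variant of the final iRule matches only on domain-label boundaries; the data group name `o365_suffixes` and its leading-dot records are assumptions made for the example.

```tcl
# Assumed data group (hypothetical name o365_suffixes, type string).
# Every record starts with a dot so a match can only begin at a label boundary:
#   ltm data-group internal o365_suffixes {
#       records {
#           .onedrive.com { }
#           .microsoft.com { }
#       }
#       type string
#   }
when HTTP_REQUEST {
    # The Host header may carry a port ("host:443"); keep only the name, lower-cased.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    # Drop the trailing dot of a fully qualified name ("onedrive.com.").
    set host [string trimright $host "."]

    # Prefixing a dot lets the apex ("onedrive.com") and any subdomain
    # ("x.onedrive.com") end with ".onedrive.com", while "notonedrive.com"
    # and "onedrive.com.example.net" do not match and stay on the proxy path.
    if { [class match ".$host" ends_with o365_suffixes] } {
        # Record every bypass decision so the exception list can be audited.
        log local0.info "proxy bypass: client=[IP::client_addr] host=$host"
        forward
    } else {
        pool Pool_BC
    }
}
```

The log line gives a record of which clients and hosts actually took the direct path, which is useful when reviewing whether the exception list is wider than intended.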