Forum Discussion
jpersin_288375
Nimbostratus
NimbostratusRedirect office 365 from virtual server direct to internet
Hi All,
I have one virtual server and all traffic will come to it. Then I will direct traffic to pool behind that virtual server which consist of two BlueCoat proxy devices.
All traffic except f...
jpersin_288375Nimbostratus
NimbostratusHello:
Here is datagroup config:
ltm data-group internal Office_redirect_string {
records {
\*.24ur.com { }
\*.microsoft.com { }
\*.onedrive.\* { }
\*.onedrive.live.com { }
www.avto.net { }
www.najdi.si {
data www.najdi.si
}
www.pristavec.si { }
www.rtvslo.si {
data www.rtvslo.si
}
www.smart-com.si { }
www.telprom.si {
data www.telprom.si
}
}
type string
}
I think that redirect traffic goes to gw but why Web page doesn't open.
Lee_SutcliffeNacreous
Please update your datagroup so it looks like this, Microsoft requests were not going into the 'if' condition as datagroups do not parse wildcard characters (*).
ltm data-group internal Office_redirect_string { records { 24ur.com { } microsoft.com { } onedrive { } avto.net { } najdi.si { } pristavec.si { } rtvslo.si { } smart-com.si { } telprom.si { } } type string }- jpersin_288375
Ok, thanks, but I don't now why sites which are redirected are not open in client. Other pages which goes to proxy works but other which are in data group not works.
- Lee_Sutcliffe
The forwarding probably isn't working as you've defined a pool member to 'forward' to. F5 by default will translate destination IP address to that of the pool members. You'll probably find your firewall is dropping traffic.
To get round this you have two options, disable address translation:
when HTTP_REQUEST { if {[class match [string tolower [HTTP::host]] contains o365_list]} { translate address disable node default_gw } else { pool Pool_BC } }Or.. if your default gateway for your F5 device points out towards your firewall (and therefore internet) you can just use the
command. This bypasses load balancing and disables address translationforwardwhen HTTP_REQUEST { if {[class match [string tolower [HTTP::host]] contains o365_list]} { forward } else { pool Pool_BC } } - jpersin_288375
Hello.
I try this solution and doesn't work. VS and nodes are in the same network. I see in ltm log that traffic goes to datagrup list. I try forward and translate address feature.
- Lee_Sutcliffe
Is the VS that this iRule is applied to on the same network as
? What device is node default_gw, is this a firewall?node default_gwIf so have you configured SNAT on your VS?
- jpersin_288375
Yes in the same network. Source address translation is set to "none"
- Lee_Sutcliffe
You will likely need to configure SNAT, please select Auto-SNAT
- jpersin_288375
I try with this option and result is the same.
- Lee_Sutcliffe
You're going to have to do some basic troubleshooting to find out the cause of the fault.
A few pointers:
- Run a tcpdump on your LTM
- Monitor the firewall to see if the traffic is arriving as expected
- Is any traffic being blocked?
- Do you have any routing issues?
- Do you have any NAT issues on your firewall?
- jpersin_288375
Ok I will do this. Thanks for now. I will update post with my findings.