Redirecting to External IP Address

Hi Brett,

 

 

Thanks, that does make things clearer.

 

 

Not to be pedantic, but typically FTP runs on TCP ports 20/21 (Click here) and SSH/SCP/SFTP runs on TCP port 22. You'll want to separate these two protocols using separate VIPs as you'll want to use an FTP profile for the FTP traffic.

 

 

What you've described is standard "load balancing" with the minor exception that the servers are not on network local to LTM. As long as there is a route to the remote hosts it should work fine. You'll probably need to use SNAT on the VIPs. Make sure to install the latest subversion for the version you're running as there have been some issues using SNAT on an FTP VIP. Here are a few related solutions I found searching for FTP and SNAT on AskF5:

 

 

SOL8455: FTP traffic does not pass through a SNAT (affects 9.4.4 only)

 

https://support.f5.com/kb/en-us/solutions/public/8000/400/sol8455.html

 

 

SOL9707: Active mode FTP data connections may fail when used through a SNAT

 

versions: 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4, 9.3.1, 9.3

 

https://support.f5.com/kb/en-us/solutions/public/9000/700/sol9707.html

 

 

For the SFTP traffic, you can configure a performance layer4 VIP with a fastL4 profile and SNAT (automap to use a floating self IP on the egress or a SNAT pool if you want to manually specify the source IP(s)). Configure the servers in a pool on port 22. That should be it.

 

 

For the FTP traffic, configure a standard IP VIP on port 21 with an FTP profile nd SNAT (automap to use a floating self IP on the egress or a SNAT pool if you want to manually specify the source IP(s)). Configure the servers in a pool on port 21.

 

 

The firewall(s) between the clients and LTM and LTM and the servers will need to support active and passive FTP if you want LTM to.

 

 

Aaron