Forum Discussion

Joern_Oltmann's avatar
Joern_Oltmann
Icon for Nimbostratus rankNimbostratus
Feb 11, 2013

Restrict Access for outgoing connect

Hi all,   one question. My internal App-Server use Google Maps. So i would like to restrict only the Google Network for these Server. My first idea, a outgoing virtual Server on my Big IP. That w...
application delivery
dev
devops
iRules
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Feb 11, 2013
I agree with Nitass, you should configure a wildcard Virtual Server. You can then either user a Packet Filter or an iRule to restrict the traffic flow, for instance; 


Create a Data Group (called destination_ips below) with just the IP addresses/networks 
of the hosts you’d like to allow access to

when CLIENT_ACCEPTED {
 if { not [class match [IP::local_addr] equals destination_ips] } {
   reject }
}

You could also add a source host check to ensure only specific servers are permitted access.