Forum Discussion

Nimbostratus

Sep 26, 2022

Restricting traffic between Vlans.

We have an F5 servicing our DMZ. It hosts the external IPs and acts a router for the DMZ servers. +--- [ VLAN_2110 ] [ Internet ] ---- [ F/W ] ---- [ F5 ] --...

MVP

Sep 27, 2022

F5 is a default deny deivce, so inter-VLAN routing is denied out-of-the-box unless you explicitly allow it (using something like an IP forwarding Virtual Server).

To prevent clients in a VLAN from accessing Virtual Servers on the "Internet" side potentially leading to servers in the other VLAN, you can configure the VS to listen only on Internet VLAN. This is usually common practice.

If the requirement is to have completely dedicated VRF's as well, you might want to take a look at F5 Routing domain feature https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-routing-administration-11-6-0/8.html

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Restricting traffic between Vlans.

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform AS3 code for GTM Only.

BIG-IP device fails to install node-inspector

WAF Block Request

AST Configuration Assistance

F5 HA deployment in Azure using Azure Load Balancer

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

S3 Traffic Optimization with F5 BIG-IP & NetApp StorageGRID

F5 iRule Geolocation restriction

Irule for restricting access

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS