Forum Discussion
Reverse Proxy
Hi Guys, I have a scenario that I have to translate into my production network. I will explain the idea and the components that I have in my network.
1. Two F5 boxes in active/standby with two route domains (inside, DMZ).
2. DC firewall and Edge firewall.
3. A service in the inside network that needs to be published to public users.
4. Dual-arm setup in both route domains.
The current publish scenario of the service is taking the path (outgoing) [ Service --} DC firewall --} Edge Firewall --} Internet ]. (Incoming) [ Internet --} Edge firewall --} DC Firewall --} Service ].
My ultimate goal is to publish this service to the internet and use the F5 as a reverse proxy. Please keep in mind that I have a restriction to move this service to the DMZ area. So the scenario is to publish a service in the inside network through the DMZ area without moving the service to the DMZ area.
The target publish scenario of the service should take the path: (outgoing) [ Service --} DC firewall --} F5 --} Edge Firewall --} Internet ], and for the incoming [ Internet --} Edge firewall --} F5 --} DC Firewall --} Service ].
Regards
- Hamish (Cirrocumulus)
Do you have a question in there?
- Daniel_Alves_19 (Nimbostratus)
I believe we have the same problem, because the route-domains have strict isolation: if you are in route-domain 1, for example, you cannot see the objects in the second route-domain. I believe you need to create a Parent and Son relationship between the two route-domains.
Be careful with the document you select, as that one you referenced is for version 11.2.0, which is end of life. The basics of route domains haven't changed much, but it could miss new details. It might be best to navigate to the support site manually and select the specific version of LTM you have.
- noor_dawood_246 (Nimbostratus)
Hi Hamish, How can I achieve this design? I am looking for a valid design for this while considering security.
Regards
To answer your question in general, you would need to consider a few things:
- how are you going to cause traffic to traverse your F5 system?
- are you going to use routing protocols or static routes?
- are you using a VM or physical appliance? If physical, does it have enough ports to accommodate the connectivity between all devices?
- do you have a requirement to route traffic across the F5? For example: Could you get by with connecting the system in a one-armed configuration to a firewall? Sometimes this can be more simple to implement.
Keep in mind that a VLAN can only belong to a single route domain instance, so you would need at least 4 VLANs to accommodate this deployment.