For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tolinrome_13817's avatar
tolinrome_13817
Icon for Nimbostratus rankNimbostratus
Mar 24, 2014

Routing and VIPs

I have a question regarding how routing can be accomplished between subnets or (interfaces) with the Big-IP I have. I have an F5 that has interfaces on the (inside, dmz, and a couple of other subnets). Some traffic from outside will be diverted to the DMZ, to the F5, the VIP will then direct it to the inside, to go back through that dmz interface to the firewall and then to the inside interface.

 

The way I want to have it setup is to be directed to the dmz, but then go to the inside without going back through the firewall. Is this possible since I do have those vlans (interfaces) already connected on the F5? So if a request on the F5 Big-IP that is in the DMZ has to go to the inside will it go through that interface w/o going through the firewall first?

 

application delivery
deployment
design
LTM
management

2 Replies

  • rolf's avatar
    rolf
    Icon for Cirrus rankCirrus
    Mar 24, 2014

    Not sure if I understand your needs right, but in case your routing on the F5 is configured corret for the internal network, you could make use of the SNAT (depending on the sizing needs 'automap' would be fine). If your application does not allow SNAT, you could route the Server answers to the F5 or (maybe preferable) confiugure nPath routing...

     

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Mar 24, 2014

    I think it all depends on the routing you have setup on the BIG-IP. I would say it is possible, but I can't say for certain because I don't know exactly what your network infrastructure looks like. Can you possibly post a high level diagram?