Forum Discussion
NimbostratusRouting between partitions / route domains
Hello, we currently have a f5 cluster configured with two partitions, two vlans and two route domains respectively default route domains for partitions :
Public partition with Public Vlan with Y route domain. Private partition with Private Vlan with Z route domain.
We would like to know if it's possible to route trafic from publicVS (1.1.1.10) to privateVS (2.2.2.10) to server (3.3.3.10), bypassing our firewalls. So without using the defaut gateway (firewalls) :
Thanks for your help
oscarnet_69487HI
LTM and firewall is transparent mode or route mode ?
thinks
have a good day?
leo_graellsHello, thanks for your help. FW in transparent mode & LTM in route mode
- oscarnet_69487
Hi leo
- Do you want to bypass firewall right?
- server fram in routedomain A or B ?
have a good day!
cjuniorNacreous
Hi, I think you only can do that flow, when you disable "Strict Isolation" on both RD, plus iRule in VS 1.1.1.10 to forward traffic from PartitionA, to another PartitionB virtual server, e.g.
when CLIENT_ACCEPTED { virtual /PartitionB/vs_2_2_2_10 }https://support.f5.com/csp/article/K84417414
https://devcentral.f5.com/wiki/irules.virtual.ashxMaybe is not a good idea bypass a firewall and disable isolation. I think the "Strict Isolation" and firewall should be precious to your network.
Best regards.
- leo_graells
Hello, yeah I want to bypass FW. Server farm is in other network (not on any routedomain). The VS on the RD 2 point on the server.
Thanks
- damjanev
If one uses "virtual /PartitionB/vs_2_2_2_10" to forward the client connection to the inside VS, how do we ensure that the response takes the exact reverse path from RD2 to RD1 without going between FWs? Firewalls are notorious for not liking out of state connections.