For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Patrik_Jonsson's avatar
Patrik_Jonsson
Icon for MVP rankMVP
Apr 01, 2014

Hi!

 

We have solved this by using virtual forwarding servers that only listen to the VLAN we want them to.

 

To create a virtual Forwarding server for ie. VLAN 633:

 

  1. Create virtual server.
  2. Set type Forwarding.
  3. Destination: Network, Network address + Mask
  4. Replace the default value of listening to all VLANs to only listen to the external VLAN.

Now, providing that your default route would go to the ASA the F5 would forward all internal traffic hitting the internal interfaces to the ASA according to its routing table.

 

Note that you need one forwarding server per VLAN and that the external forwarding server would have to listen to all internal VLAN's.

 

/Patrik