Routing outbound traffic to a different VIP
I have a question regarding the routing capabilities of the F5 LTM. We have a scenario in which we have webservers sitting behind a VIP in our DMZ needing to initiate an HTTP session to an RSA web service for validation. Normally, we’d punch a hole in our firewall for each destination IP address, but given that RSA uses a cloud service, we can’t be sure to ever have a complete list of destination IPs. It is also technologically unsound to have our firewall perform DNS resolution, so using a domain name as the destination address in a firewall policy is out.
We were thinking about configuring the F5 to look for requests destined to RSA’s web services and forward them to a different VIP on the same F5 that has open access to the Internet, a VIP that is separate from the one used by incoming connections from our clients. Would this feat be possible using the LTM? We are running 10.2.2.