Forum Discussion
Routing outbound traffic to a different VIP
I have a question regarding the routing capabilities of the F5 LTM. We have a scenario in which we have webservers sitting behind a VIP in our DMZ needing to initiate an HTTP session to an RSA web service for validation. Normally, we’d punch a hole in our firewall for each destination IP address, but given that RSA uses a cloud service, we can’t be sure to ever have a complete list of destination IPs. It is also technologically unsound to have our firewall perform DNS resolution, so using a domain name as the destination address in a firewall policy is out.
We were thinking about configuring the F5 to look for requests destined to RSA’s web services and forward them to a different VIP on the same F5 that has open access to the Internet. A VIP that is separate from the one used by incoming connections from our clients. Would this feat be possible using the LTM? We are running 10.2.2.
Thanks
dbrandel
- mikand_61525 (Nimbostratus): A hole is a hole is a hole... adding complexity to the hole doesn't make it go away :P
- Arie (Altostratus): Can you use certificates?
- nitass (Employee): May we do a reverse lookup on the destination IP and drop it if it is not part of rsa.com?