Forum Discussion

bsm1970's avatar
bsm1970
Icon for Nimbostratus rankNimbostratus
Mar 25, 2016

Setting up Self IPs, VLANs and interfaces properly

I am with a division of a much larger organization. The larger organization has a layer 3 firewall that all the divisions sit behind. We have some public-facing web servers that we are going to be standing up in a virtualized environment in our division and I've been tasked with standing up the BIG-IP F5 in front of our network to protect these sites.

 

I have experience with Cisco and Palo Alto firewalls, but am getting confused on the way the F5 is set up and works. I imagine some of that confusion is that we are using the Virtual Edition of the BIG-IP rather than a physical appliance like I'm accustomed to. So I was wondering if someone could help me understand how to work with the self IPs, interfaces and VLANs to get traffic flowing.

 

As I mentioned, the organization's layer 3 firewall is the border security appliance. It will take the public IP of our web server that a client is trying to reach and NAT that to an IP that is in the IP range of our external VLAN on the F5. Then the traffic will hit the F5 where a virtual server "listens" for traffic going to that IP range and sends that traffic to the web server which sits on an internal VLAN in a different IP range.

 

I'm just trying to understand in a simple, step by step fashion, how I would walk through that process of creating the proper self IPs, interfaces and VLANs. What do I set up first, then next and so on?

 

Let's say that the IP range of my external VLAN is 10.10.10.0/24 I have two internal VLANs. One has an IP range of 10.0.0.0/28 and the other is 10.0.1.0/28

 

Any help would be greatly appreciated and feel free to ask questions if I've left anything out.

 

  • I'm not sure. What specifically are you looking for? This is all in vSphere - the F5 and the web servers it will point traffic to.
  • What is your switch ports configuration? You probably have to configure your vlan tagging from your virtual hosting environnement or blades chassis. Then, from the F5 vm side, the network is accessible like any "ACCESS" configured port. When you create your vlans, select your interface, inscribe your tag vlan id but untagged it!
  • If I'm doing something wrong here, someone let me know. I don't know if I've broken a protocol for how to request help or if the way I'm describing my problem isn't easy to understand. I'm just finding it difficult to get this thing up and running.

     

    I know that the best way is to take one of the in-person training classes and I intend to do that. But the timeline won't allow for that right now. I just need to get traffic flowing, then I can go deeper from there.

     

    So if anyone can offer some insight here and answer a few questions from a n00b, I would be so thankful.