Hello all, I've been unable to find a clear answer for SMTP outbound configuration with F5 Inline. Currently, I have SMTP and other Exchange services working inbound just fine. From the Internet, we...
The easiest way would be to route this traffic through F5. SMTP server --> gateway (routes destination x.x.x.x via F5) --> F5 (routes destination x.x.x.x via external router) --> router --> destination x.x.x.x
Or, you could proxy it via F5 by hiding the x.x.x.x address behind a y.y.y.y virtual server. SMTP server --> gateway (routes y.y.y.y via F5) --> F5 (translates y.y.y.y to x.x.x.x and routes x.x.x.x via external router) --> router --> destination x.x.x.x
The second option works well for a single x.x.x.x application, or for an x.x.x.x/xx network. The first option is better if x.x.x.x is actually a large number of networks (a.a.a.a/aa + b.b.b.b/bb + c.c.c.c/cc etc.). In both cases, F5 needs to be configured to accept and forward this traffic. This object is usually a virtual server - I've detailed the setup in my previous message.
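As an added illustration of the two options described in the answer above (this is not the poster's "previous message" and not F5's own documentation), here is what the objects could look like in bigip.conf/tmsh form. Every object name, VLAN name and address is hypothetical: 203.0.113.0/24 and 203.0.113.25 stand in for the external destination x.x.x.x, 203.0.113.1 for the external router, and 10.10.1.25 for the internal-facing y.y.y.y address. The SNAT automap lines are an assumption about wanting the F5's egress self IP as the source address, not something the answer states, and the `#` lines are annotations rather than config syntax.

```tmsh
# Added illustration; not the poster's "previous message" and not F5 documentation.
# All object names, VLAN names and addresses are hypothetical:
#   203.0.113.0/24 stands in for the external destination network x.x.x.x/xx
#   203.0.113.1    stands in for the external router
#   10.10.1.25     stands in for the internal-facing y.y.y.y address (option 2)
#   10.10.0.0/24   stands in for the SMTP/Exchange server subnet

# Shared by both options: the F5 must send x.x.x.x toward the external router.
net route to_external_smtp {
    network 203.0.113.0/24
    gw 203.0.113.1
}

# Option 1: forwarding (IP) virtual server. No address translation; the F5 routes
# whatever arrives on the internal VLAN according to its own routing table.
# Restricting "source" to the SMTP server subnet keeps it from forwarding for
# every internal host.
ltm virtual vs_forward_outbound {
    destination 0.0.0.0:any
    mask any
    ip-forward
    profiles {
        fastL4 { }
    }
    source 10.10.0.0/24
    translate-address disabled
    translate-port disabled
    vlans { vlan_internal }
    vlans-enabled
    # Assumption: automap rewrites the source to a self IP on the VLAN the packet
    # leaves through, so replies come back to the F5. Omit it if the return path
    # already comes back via the F5.
    source-address-translation {
        type automap
    }
}

# Option 2: standard virtual server that hides x.x.x.x behind y.y.y.y. The SMTP
# server sends to 10.10.1.25:25; the F5 translates the destination to the pool
# member and routes it via the external router.
ltm pool pool_external_smtp {
    members {
        203.0.113.25:25 {
            address 203.0.113.25
        }
    }
}
ltm virtual vs_smtp_proxy {
    destination 10.10.1.25:25
    ip-protocol tcp
    mask 255.255.255.255
    pool pool_external_smtp
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vlans { vlan_internal }
    vlans-enabled
}
```

To confirm which path a test connection actually took, `tmsh show sys connection cs-server-addr 203.0.113.25` lists the flow with its client-side and (after any SNAT) server-side addresses; the server-side source should be the self IP on the VLAN you expect the traffic to leave through.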
The issue I have is that the default gateway on the F5 is a core switch on the inside network, so the traffic flow from an internal client is: F5 inside VIP -> Exchange servers -> F5 self IP -> internal core switch, then outside.
For external mail flow, we want the traffic to route from internal client -> F5 internal VIP -> Exchange servers -> default route to F5 and exit the DMZ to the outside. The problem with the current design is that the default gateway on the F5 is a core switch on the internal network. If I create the IP forwarding VIP as you mentioned and change the gateway of the server to the forwarding VIP, you're saying I can SNAT the source of the Exchange servers to a self IP on the DMZ?
The key thing is that I need outbound traffic to exit the DMZ; right now I don't have a default route on the DMZ network on the F5. The destinations will be many networks, as Exchange talks to O365 and these, as you're aware, are many public destination networks.