For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Franky-frank-reg7's avatar
Franky-frank-reg7
Icon for Altocumulus rankAltocumulus
Jul 18, 2023

SMTP outbound F5 Design

Hello all, I've been unable to find a clear answer for SMTP outbound configuration with F5 Inline. Currently, I have SMTP and other Exchange services working inbound just fine. From the Internet, we...
application delivery
CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP
Jul 19, 2023

 

Franky-frank-reg7 wrote: If I create the IP forwarding VIP as you mentioned and change the gateway of the server to the forwarding VIP, youre saying I can SNAT the source of exchange servers to self IP on the DMZ? 

Correct, except F5 self-ip (or better, floating IP if it's a cluster) on the intenal VLAN will still be the gateway -- not the forwarding vip. Setup will be pretty much like this:

I'm assuming you have configured routing on F5 so that O365 networks are routed through DMZ gateway: from your schema, does the PC/mobile External client not hit the DMZ when traffic is inbound?? 

[EDIT]: if you're happy with self-ip on the DMZ, snat automap will work too. If you need a specific IP you can configure a snatpool with said IP and it willbe used instead.