rrey_156291
May 22, 2014

SNAT for outbound, problem with firewall

Hello,

I have a requirement for outbound internet access from my servers. I have different VLANs X, Y, Z. When I set the SNAT, it is not working until I set a firewall rule to send traffic from VLAN X to ANY ANY; then the server in VLAN X can access the internet. The problem with that is that the server in VLAN X can also access the server in VLAN Y. How can I set rules so that servers in the VLANs can access the internet without compromising my security?

Thanks, RR

P.S. Excuse my English

2 Replies

  • It would be useful to have a diagram. However, if you're setting the SNAT you can select which VLAN you want to apply it to.

    Normally you enable SNAT on the VLAN on which it receives traffic, and then it takes the IP of the outgoing VLAN. You may have this configuration set to ALL VLANs.

    cheers, hheredia

  • Hello HHeredia,

    I configured SNAT right, or so I guess. The problem is that for a computer in VLAN 10 to access the internet I need to create a rule in the F5 firewall, for example:

    source vlan 10, destination: ip: any port: any..

    The problem with this rule is that after I applied it, the server in VLAN 10 can effectively access the internet but also every VLAN that I have, creating a security hole for me.
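
The behaviour described in the thread, modelled as an added example that is not from either poster and is not F5 firewall syntax: a generic ordered, first-match rule list in which the single "VLAN 10 to any" accept is compared with the same accept preceded by a drop for internal destinations. The subnets, rule names and the first-match evaluation order are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption; the thread gives no subnets).
VLAN10 = ip_network("10.0.10.0/24")
ANY = ip_network("0.0.0.0/0")
# Private ranges that cover every internal VLAN in this constructed plan.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A rule is (name, source network, destination networks, action).
# BROAD mirrors the rule quoted in the thread: source VLAN 10, destination any.
BROAD = [("vlan10-any", VLAN10, [ANY], "accept")]
# SCOPED drops internal destinations first, then accepts everything else.
SCOPED = [
    ("vlan10-no-internal", VLAN10, INTERNAL, "drop"),
    ("vlan10-internet", VLAN10, [ANY], "accept"),
]

def evaluate(rules, src, dst, default="drop"):
    """Return (action, rule name) of the first rule matching src -> dst."""
    s, d = ip_address(src), ip_address(dst)
    for name, src_net, dst_nets, action in rules:
        if s in src_net and any(d in net for net in dst_nets):
            return action, name
    return default, "default"

# Constructed sample flows: 203.0.113.10 is a documentation address
# standing in for an internet host, 10.0.20.7 for a server in another VLAN.
FLOWS = [
    ("10.0.10.5", "203.0.113.10"),  # VLAN 10 -> internet
    ("10.0.10.5", "10.0.20.7"),     # VLAN 10 -> another VLAN
]

def audit(rules):
    """Map each sample flow to the action the rule list gives it."""
    return {flow: evaluate(rules, *flow) for flow in FLOWS}

if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("scoped", SCOPED)):
        for (src, dst), (action, rule) in audit(rules).items():
            print(f"{label:6} {src} -> {dst}: {action} ({rule})")
```

Any internal service VLAN 10 still needs, such as a DNS resolver on another VLAN, would require its own accept rule placed above the drop.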