For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ed_26015's avatar
Ed_26015
Icon for Nimbostratus rankNimbostratus
Dec 04, 2010

Source routing with iRules

Hi all,     I hope you can help.     I have two interfaces on the F5 that connect back to a Cisco PIX again on different interfaces.     Topology is 10.130.4.1 & 10.130.32.1 for the ...
application delivery
dev
devops
iRules
Ed_26015's avatar
Ed_26015
Icon for Nimbostratus rankNimbostratus
Dec 16, 2010
If it helps the current syntax of the iRule is;

 

 

when CLIENT_ACCEPTED {

 

log local0. "[IP::client_addr]:[TCP::client_port]: destination [IP::local_addr]:[TCP::local_port]"

 

 

Check if client IP is in the DMZ_Inside datagroup

 

if {[class match [IP::client_addr] equals DMZ_Inside]}{

 

log local0. "[IP::client_addr]:[TCP::client_port]: Matched DMZ_Inside, using 10.130.32.1"

 

node 10.130.32.1

 

} else {

 

node 10.130.4.1

 

log local0. "[IP::client_addr]:[TCP::client_port]: Matched DMZ_Inside, using 10.130.4.1"

 

}

 

}

 

 

This is applied to the Virtual server which is applied to the DMZ interface (10.130.52.0/22)