For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sanjeewa_Weera1's avatar
Sanjeewa_Weera1
Icon for Nimbostratus rankNimbostratus
Nov 28, 2018

SSL Offload and re-encrypt traffic between Route Domains

SSL Offload and re-encrypt traffic between Route Domains   like use NGFW features (IPS & AV) with F5 LTM. Traffic flow will be External client --- > fw1 --- > LTM (RD -01) --- > fw2 ---- > LTM (R...
application delivery
iRules
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 29, 2018

Sanjeewa, you don't really need route domains if this is all layer 3 traffic. You simply need to create separate VLANs and self-IP subnets between each FW.

 

  • External client talks to FW1 on subnet1
  • FW1 talks to LTM on subnet2
  • LTM pools to FW2 on subnet3
  • FW2 default routes back to TLM on subnet4
  • LTM pools to web server on subnet5

Subnets 2 through 4 would all be internal, and as long as address translation is disabled, the destination IP could remain unchanged until you get to the LTM pool.