Forum Discussion

James_B_270863
Jan 11, 2017

TMG --> Big IP migration

Hi,

 

We are migrating from TMG to Big IP.

 

Is there an equivalent of the TMG 'Public Name' tab in Big IP?

 

This is the place where you would define all the FQDNs that the rule would apply to.

 

Thanks

 

4 Replies

  • When we did our TMG (well, ISA back when we did it) migration, we had two scenarios where this was used.

     

    1. Only responding to web requests if the host matched.

       

    2. Forwarding to a pool based on what the host name is.

    Either of these can be done on the F5, it's just not as simple.

     

    Depending on what version you're running it can be done using iRules or LTM Policies.

     

    With a little more info I'm happy to help out :)

     

  • I'm not completely familiar with TMG but in the brief reading I did here, it sounds like what you're looking for is the ability to have a single virtual server (with 1 IP address) process traffic for multiple HTTP applications. For example, and both resolve to a single IP address, but you want those requests for to be directed to one back end application server while those requests for to be directed to a different back end application server. On a BIG-IP, you could have a single virtual server that listens at the IP address DNS resolves to for both names, then use an iRule to select the appropriate back end server based on the host name requested. Your iRule might look something like this:

    when HTTP_REQUEST {
        switch [HTTP::host] {
            "www.app1.com" { node 172.16.20.1 }
            "www.app2.com" { node 172.16.20.2 }
            default { node 172.16.20.3 }
        }
    }
    

    Depending on how many applications are supported by the single virtual server, you could change from using a switch statement to using what's called a "data group" where you keep a mapping of host names and associated IP addresses.

  • Hi Andrew,

     

    Yes, your scenario 1 is what we are looking for. Not sure what other info you need. The TMG rule is pretty basic: all websites would be on the same VS with a pool of 1 SharePoint server. So basically, if the host does not equal a predefined list, which would be the same as the list in the TMG public name tab, then respond with a 404 (or something similar).

     

    If you need any other info let me know. Thanks

     

  • Create a datagroup with the below config

    ltm data-group internal allowedsites {
        records {
            www.app1.com { }
            www.app2.com { }
        }
        type string
    }
    

    Then try the following iRule

    when HTTP_REQUEST {
        if { not ([matchclass [HTTP::host] equals allowedsites ])} {
            drop   
        }
    }
    

    I don't have an environment that I can confirm it validates in, but it should work.

    Alternatively, if you wanted to respond with a page instead of dropping the connection, you could replace the drop line with:

    HTTP::respond 404 -version 1.1 content {  }
    

    HTH Andrew
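
The host allowlist discussed in this thread, as an added example that is not part of any reply above: it normalizes the Host header (case, port, trailing dot) before the data-group lookup and logs what it rejects. It assumes the `allowedsites` string data group from the last reply with all records stored in lowercase, and uses `class match`, which F5 documents as the replacement for `matchclass`.

```tcl
# Added example; "allowedsites" is the string data group from the reply above,
# assumed to hold every host name in lowercase.
when HTTP_REQUEST {
    # Normalize the Host header before comparing: clients may send mixed
    # case ("WWW.App1.com"), append the port ("www.app1.com:443") or use a
    # trailing dot ("www.app1.com."). Without this, valid names are refused.
    # Assumption: host names only; a bracketed IPv6 literal is not handled.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    # An empty Host (for example an HTTP/1.0 request without the header)
    # is rejected explicitly rather than relying on the lookup to miss.
    if { $host eq "" || ![class match $host equals allowedsites] } {
        # Log refused names so unexpected hosts show up in /var/log/ltm.
        log local0.notice "Rejected Host '[HTTP::host]' from [IP::client_addr]"
        HTTP::respond 404 -version 1.1 content "Not Found" "Content-Type" "text/plain" "Connection" "close"
        return
    }
    # Requests for listed names continue to the virtual server's default pool.
}
```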