Forum Discussion
Tunnel default gateway in APM
Hi guys
I am wondering if there is any way to define a tunnel default gateway (like with Cisco ASA)? I like to force all VPN traffic from the F5 down to a firewall on the same subnet as the VPN pool. I want this so that I can control access on my firewall, where all other access is controlled as well.
Thanks!
/David
4 Replies
- Thomas_Gobet
Nimbostratus
Hi,
In APM there isn't any routing configuration.
It's linked to your general configuration. So if you want to go through your firewall for every request, you have to define a default route in "Network -> Route".
- David_Dalgaard_
Nimbostratus
Hi Thomas
Thanks - just what I suspected and what the current solution is. Unfortunately this only works for destinations that are not in the routing table, while directly connected interfaces will mess up the traffic pattern.
Could route domains be used to provide the users with a "clean" routing table?
/David
- Thomas_Gobet
Nimbostratus
Hi,
What you can do is to define your Self-IP in another subnet than the one used by your servers.
Even if you use route domain, it won't change anything because route domain is here to isolate different virtual servers for example. You can have different default route on different route domains, but your problem is still the subnet.
- Fred_Wittenberg (Historic F5 Account)
Another option is to configure a layer 4 virtual with a pool as the gateway next hop (example below):
ltm virtual v4_nexthop {
    destination 0.0.0.0:any
    mask any
    pool 192.168.0.1
    profiles {
        fastL4 { }
    }
    source 192.168.0.128/28
    translate-address disabled
    translate-port disabled
    vs-index 7
}
ltm pool 192.168.0.1 {
    members {
        192.168.0.1:telnet {
            address 192.168.0.1
            session monitor-enabled
            state up
        }
    }
    monitor gateway_icmp
}
Alternatively, you can use just a layer 3 forwarding VIP and add the following iRule:
ltm rule v4_next_hop {
    when CLIENT_ACCEPTED {
        nexthop internal 192.168.0.1
        log local0. "[IP::remote_addr]:[TCP::remote_port] > [IP::local_addr]:[TCP::local_port]"
    }
}
Either works fine for sending traffic to a gateway other than what is configured in the TMOS routing table.
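The following is an added illustration, not code from the thread or from F5: a small Python model of the two forwarding decisions discussed above. A plain routing table always prefers the longest matching prefix, so a directly connected server subnet beats the default route and VPN traffic to those servers never reaches the firewall. A source-matched forwarding virtual (as in the config posted above) is evaluated before the routing table and sends everything from the VPN lease pool to the firewall regardless of destination. The addresses, prefixes and flows are constructed to match the thread's example, not taken from any real deployment.

```python
import ipaddress

# Constructed routing table: a default route pointing at the firewall
# plus the directly connected server VLAN (the case David raised).
ROUTES = [
    ("0.0.0.0/0", "192.168.0.1"),      # default route -> firewall
    ("192.168.0.0/24", "connected"),   # directly connected server subnet
]

# Constructed policy entries standing in for the forwarding virtual:
# (source prefix, next hop). The VPN lease pool is always sent to the firewall.
FORWARDING_VIRTUALS = [
    ("192.168.0.128/28", "192.168.0.1"),
]


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix-match over a routing table; returns the next hop."""
    best_net, best_nh = None, None
    addr = ipaddress.ip_address(dst)
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_nh = net, nh
    return best_nh


def next_hop(src, dst, fwd=FORWARDING_VIRTUALS, routes=ROUTES):
    """Forwarding-virtual match on source first, then fall back to the routing table."""
    saddr = ipaddress.ip_address(src)
    for prefix, nh in fwd:
        if saddr in ipaddress.ip_network(prefix):
            return nh
    return route_lookup(dst, routes)


def compare_flows(flows):
    """Return (src, dst, routing-table hop, forwarding-virtual hop) for each flow."""
    return [(s, d, route_lookup(d), next_hop(s, d)) for s, d in flows]


if __name__ == "__main__":
    # Constructed flows: a VPN client to a connected server, to the internet,
    # and a non-VPN host to the same server.
    for row in compare_flows([
        ("192.168.0.130", "192.168.0.50"),
        ("192.168.0.130", "203.0.113.9"),
        ("172.16.0.5", "192.168.0.50"),
    ]):
        print("%s -> %s : routing table=%s, forwarding virtual=%s" % row)
```

The first flow is the one that matters: via the routing table the VPN client reaches the connected server directly, while the forwarding virtual hands it to the firewall, which is exactly what the tunnel default gateway was meant to achieve.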