Forum Discussion
Racquel_Mays
Employee
EmployeeUse LTM Policies to Create a VIP listening on Specific Ports
All, we are moving from A10 to F5 LTM. With A10 we have 1 VIP, and up to 4 "service-groups" or pools serving 4 specific ports. My goal is to provide a similar functionality in the LTM using Local Tra...
#facepalm...notice the hidden option on the tcp port:
mine was remote by default, changing to local fixed the issue. Working policy that should help:
ltm policy allports_testpolicy { controls { forwarding } last-modified 2021-02-10:16:42:35 requires { tcp } rules { tcp-80 { actions { 0 { forward client-accepted select pool nerdlife_pool } } conditions { 0 { tcp client-accepted port local values { 80 } } } } tcp-8080 { actions { 0 { forward client-accepted select pool nerdlife_pool } } conditions { 0 { tcp client-accepted port local values { 8080 } } } ordinal 1 } tcp-all-else { actions { 0 { shutdown client-accepted connection } } conditions { 0 { tcp client-accepted port local not values { 80 8080 } } } ordinal 2 } } status published strategy first-match }
Racquel_MaysEmployee
EmployeeIn looking at this setup. SSL and non-SSL traffic will use the same VIP. I found a vulnerability, K21942600. What are the security concerns?
JRahm
Admin
Adminimplementing the workaround should cover you on traffic that should be encrypted. for the intended non-ssl traffic, that shouldn't factor into the scenario.
And yes, I do a fair amount of youtube stuff for DevCentral, though I will walk away from any "star" talk 😀