Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Dec 02, 2013

Using LTM for network forwarding

Our data center architecture has a pretty standard model, with an "internal" network and a "DMZ". Our internal network does not have a direct route to the Internet. However, I have LTMs in our DMZ th...
deployment
design
Thomas_Gobet_91's avatar
Thomas_Gobet_91
Icon for Cirrostratus rankCirrostratus
Dec 02, 2013

Creating a wildcard VS is not only made to inbound traffic.

 

Depending on which VLAN you're listening to, it can forward traffic coming from "Internal" VLAN to "External" VLAN. (outbound traffic)

 

What you have to check is :

 

1. Does your firewall allow your BIG-IP to go on Internet ?

 

1.a) If it's not, is there an IP in DMZ that your F5 can use to SNAT your Microsoft server ?

 

1.b) If it is, you can use virtual server with SNAT Automap.

 

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Dec 02, 2013
First, thanks for sticking with me. Yes, our infrastructure does allow the LTM to get out to the Internet. The answer to both a) and b) is yes, I could do either. But the thing I am struggling first with is not how to get the LTM - > internet (that will come later), it's how to get the MS server to the LTM for a defined set of public Microsoft networks. Do we create routes on our internal router saying that the next hop for the public Microsoft networks is the LTM?