Virtual F5 and VIP blocking port 80
Guys, is this the default configuration? I have created a VIP to monitor two nodes. When I log on to a different machine and try to tracert/telnet, it cannot open the connection to the host on port 80. Is this default behavior?
I want the VIP to allow all traffic. Does it block by default? "allow src 10.xxx.xxx.255./24 port 80 dst 204.170.25.11 port 80 deny all"
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.xxx.xxx.255] }{
        log local0. "Allowed Traffic"
    }
    else{
        discard
    }
}
Is the above iRule correct? Do I really need to write an iRule for allowing traffic for this VIP? Any pointer is appreciated.
3 Replies
Hi Sunilprabha,
Change the syntax as outlined below...
when CLIENT_ACCEPTED {
    if { [IP::addr "[getfield [IP::client_addr] "%" 1]/24" equals "10.xxx.xxx.0"] } then {
        log local0. "Allowed Traffic"
    } else {
        discard
    }
}
Cheers, Kai
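An added example, not part of Kai's reply or of F5's code: a Python model of the address comparison written in the question and in the reply above, showing which clients each one would let through. The 10.20.30.x addresses are constructed stand-ins for the masked 10.xxx.xxx values in the thread, and the functions only imitate the strip-mask-compare logic, not BIG-IP itself.

```python
import ipaddress

# Constructed values: the thread masks its real addresses as 10.xxx.xxx.*
ALLOWED_NETWORK = "10.20.30.0"      # stands in for 10.xxx.xxx.0 in the reply
PREFIX_LEN = 24
QUESTION_LITERAL = "10.20.30.255"   # stands in for the single address in the question


def strip_route_domain(addr):
    """Same effect as getfield <addr> "%" 1: keep the text before any %<id> suffix."""
    return addr.split("%", 1)[0]


def exact_equals(addr, literal):
    """Comparison with no mask: true for exactly one address."""
    return ipaddress.ip_address(addr) == ipaddress.ip_address(literal)


def masked_equals(addr, prefix_len, network):
    """Comparison after applying a /prefix_len mask to the client address."""
    masked = ipaddress.ip_interface(f"{addr}/{prefix_len}").network.network_address
    return masked == ipaddress.ip_address(network)


def decide(client_addr):
    """Return (question_comparison, reply_comparison) decisions for one client."""
    addr = strip_route_domain(client_addr)
    question = "allow" if exact_equals(addr, QUESTION_LITERAL) else "discard"
    reply = "allow" if masked_equals(addr, PREFIX_LEN, ALLOWED_NETWORK) else "discard"
    return question, reply


if __name__ == "__main__":
    # Constructed client addresses, one carrying a route-domain suffix (%2)
    samples = ["10.20.30.7", "10.20.30.7%2", "10.20.30.255", "10.20.31.7", "192.0.2.10"]
    for client in samples:
        question, reply = decide(client)
        print(f"{client:15} question={question:8} reply={reply}")
```

Hosts inside the /24 are discarded by the unmasked comparison and allowed by the masked one; only the literal .255 address passes both.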
- IainThomson85_1
Cumulonimbus
The F5 is a default deny device in effect. However, if you've created a VIP, you should have a virtual address now listening on this IP/port.
You might want to look at Packet Filtering https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_0_0/tmos_packet_filters.html
However, you wouldn't get the entry in the log :)
- SP_266134
Nimbostratus
Thanks for your reply. I have this issue going on. Can you share your thoughts? https://devcentral.f5.com/s/feed/0D51T00006i7eVfSAI
 