Virtual Server not forwarding to Website

Question

I'm trying to setup the F5 to takeover our reverse proxy functionality for websites.  But when I've tested the site externally it does not display.  I can see it hitting the Virtual server but is not using the traffic policy to forward to the correct server.&nbsp;
The F5 sits behind our firewall and we NAT our external IP address to the F5 Virtual Server Address on it's external interface.  From their I've created a traffic policy to forward the request to the node hosting the website. The web server is on the same subnet as the internal IP of the F5.&nbsp;
I did initially create a VS with an internal IP address to test the connection with the traffic policy and that worked.&nbsp;
I suspect I've missed something obvious.  Does anyone have any suggestions?&nbsp;

mvdg · Answer

Hi,&nbsp;
Several things you can check.&nbsp;
Is the internal IP-address of the F5 configured as default gateway on the webservers? If not, yu should configure AutoMap or SNAT. (If you have a F5 cluster, the default gateway should be the Float IP-addres).&nbsp;
Have you checked traffic on the internal and external interface of the F5 with tcpdump? Do you see traffic leaving the internal interface to the webservers?&nbsp;
Is all OK within the Network Map?&nbsp;
Create a simple setup without traffic policy. Just VIP -&gt; Pool -&gt; Node. Use a simple built-in Monitor and if SSL is needed, use the built-in SSL profiles. If this is working, add custom SSL profiles, Monitors and traffic policies to your configuration. But do it step by step so you can find out which part is causing the problem.&nbsp;
Regards,
Martijn&nbsp;

martijn_144688 · Answer

Hi,&nbsp;
Several things you can check.&nbsp;
Is the internal IP-address of the F5 configured as default gateway on the webservers? If not, yu should configure AutoMap or SNAT. (If you have a F5 cluster, the default gateway should be the Float IP-addres).&nbsp;
Have you checked traffic on the internal and external interface of the F5 with tcpdump? Do you see traffic leaving the internal interface to the webservers?&nbsp;
Is all OK within the Network Map?&nbsp;
Create a simple setup without traffic policy. Just VIP -&gt; Pool -&gt; Node. Use a simple built-in Monitor and if SSL is needed, use the built-in SSL profiles. If this is working, add custom SSL profiles, Monitors and traffic policies to your configuration. But do it step by step so you can find out which part is causing the problem.&nbsp;
Regards,
Martijn&nbsp;

chris_richards_ · Answer

Hi Martijn&nbsp;
Thanks for the advice.  Started again and I've got it working. I had an SSL client profile which was causing me the problem. Will take a look at SSL profilelater.&nbsp;
I said it would be an obvious in the end.&nbsp;
Regards&nbsp;
Chris &nbsp;

chris_richards_ · Answer

Hi Martijn&nbsp;
Thanks for the advice.  Started again and I've got it working. I had an SSL client profile which was causing me the problem. Will take a look at SSL profilelater.&nbsp;
I said it would be an obvious in the end.&nbsp;
Regards&nbsp;
Chris &nbsp;

Forum Discussion

Virtual Server not forwarding to Website

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Use BIG-IP LTM Virtual Server & iRule for an internal "What's My IP" website

Troubeshooting website connection

iControl REST Cookbook - Virtual Server (ltm virtual)

F5 Distributed Cloud: Virtual Sites - Regional Edge (RE)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS