Wildcard Virtual Server IP Forwarding
Hi - we have an SMTP server that sits off a DMZ vlan off the F5. The D/G for the SMTP server is the real address of the F5. We want to the SMTP server to be able to make SMTP calls to any SMTP servers on the internet. Therefore we do not know the destination IP addresses. We do not want to the F5 to NAT the source IP address in anyway (the next hop after the F5 is an internet facing firewall which will NAT the source IP to a relevant RIPE address). All the literature says - just create a "IP forwarding wild card virtual server". I have and it doesn't seem to work. I can see an SMTP request from the DMZ SMTP server to another server hit the F5 on the DMZ vlan interface by doing a tcpdump. I don't see it exit the box on the other vlan interface that faces the internet firewall. So the F5 is not passing it on? What I do notice is that when I create the wildcard forwarding server the status is "blue square" (presumably because it doesn't have any pool associated with it to say it should be green and up - but you don't have pools with wildcard forwarders do you ?). So when you create the wildcard forwarder - should it be green? The config for the wildcard VS is below (and yes this is not on the default routing domain).
ltm virtual rd1-smtp-global { address-status no destination 0.0.0.0%1:any ip-forward mask any profiles { testfastl4 { } } source 0.0.0.0%1/0 translate-address disabled translate-port disabled vlans { rd1-smtp-1148 rd1-smtp-real-1140 } vlans-enabled vs-index 58
NB. the virtual address associated with the virtual server is marked as up and green cos I forced it up. But that makes no difference to the vs. I'm not sure what else I can do unless it's maybe a bug? - code version is 11.5.3. Any help greatly appreciated.