Wildcard Virtuals & Partitions

Question

I'm setting up a new LTM/AFM pair and want to use partitions to separate the AFM virtuals from the LTM virtuals.  I am having a hard time understanding how to process outbound traffic to the internet (unknown destinations).  
Normally I would just set up a wildcard forwarding VS and enable it on the specific VLANs I want to have outside access.  Since the VLANs are in partitions, I have to create one for each.  However I receive an error when attempting to create two 0.0.0.0/0 VSs even when they are enabled on different VLANs.
01070726:3: virtual server /SharedLB/FwdVS-Wildcard in partition SharedLB cannot reference virtual address /SharedFW/0.0.0.0 in partition SharedFW

Is this expected behavior?  If so, what are my options?  
The problem is I have separate VLANs for the normal VS addresses and I do not want to enable access for them.  Would creating a wildcard VS and disabling only those VLANs work instead, regardless of which partition it resides?  
Would I be better off creating a FastL4 VS and using a default gateway pool (the same one that my default route uses)?
I'm sure I could get this working with multiple route domains but I'd like to avoid that complexity if at all possible.

garypayton_1346 · Answer

Thinking more about this, would a solution be to enable it on all VLANs but use AFM to deny traffic on self-IPs for the VLANs I do not want to have outside internet access?

bboyjnr_8532 · Answer

you may want to look into route domains... &nbsp;
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_route_domains.html &nbsp;
this isnt a RTFM but more of a pointer as my route domain understanding is very basic and may not include wildcard VS's but if it does then happy days!&nbsp;

garypayton_1346 · Answer

Yea I'm certain route domains would work but I want to avoid them as to not to confuse the lower level support guys.  I've also heard many horror stories of route domain issues with upgrades...&nbsp;

wahezu_23937 · Answer

Hi garypayton,&nbsp;
I am having exactly the same issue creating wildcards for different partitions. Although we use route domains in other F5s without AFM, for the new ones I would like to avoid using Route domains for the same reasons you stated in the post.&nbsp;
How did you configure your system eventually? &nbsp;
Thanks,
Wahezu.&nbsp;

brad_11440 · Answer

Sorry I literally left that company a couple weeks after making that post, I am not sure how they ended up configuring it...&nbsp;

Forum Discussion

Wildcard Virtuals & Partitions

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Wildcard Parameter signature attack

VMware to Red Hat OpenShift Virtualization Migration

Collect all partition pool member stats with tmsh

F5 Distributed Cloud: Virtual Sites - Regional Edge (RE)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS