Forum Discussion
Michael_57131
May 07, 2013
Nimbostratus
I may need to read more about the iRule and insecurity. This is a temporary condition for a few months while we migrate off this pair of F5s and into a new facility where we are prepping the new F5s.
When I first posted, I thought the solution would look something like:
1) Create a forwarding virtual server to 10.101.104.0/24 for all ports
2) Create an iRule that changes the default gateway to the firewall on interface 10.101.224.0/24 network, where the firewall IP is 10.101.224.220.
3) Assign the iRule to the forwarding virtual server
Then, when the LTM receives the packet from Node A for Node B (on the 104 network) with the Syn flag, the iRule changes the default gateway and traffic is routed to the firewall. The firewall sees the initial packet, and so it will permit the second from Node B with the Syn-Ack flags, since it's all routed through the FW.
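
The reasoning in the post above, modelled as an added example that is not part of the original post and is not F5 or firewall vendor code: a toy stateful firewall that only passes a SYN-ACK when it has already seen the matching SYN. Node A's address, Node B's host address, the ports, and the assumption that Node B's replies always cross the firewall are constructed for illustration.

```python
from dataclasses import dataclass

NODE_A = "10.101.50.10"    # constructed: the post gives no address for Node A
NODE_B = "10.101.104.25"   # constructed host inside the 10.101.104.0/24 network


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


class StatefulFirewall:
    """Tracks TCP flows by 4-tuple, keyed in the initiator's direction."""

    def __init__(self):
        self.half_open = set()     # SYN seen, waiting for SYN-ACK
        self.established = set()   # SYN and SYN-ACK both seen

    def inspect(self, seg):
        """Return True if the segment is permitted, False if dropped."""
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if seg.flags == {"SYN"}:
            self.half_open.add(fwd)
            return True
        if seg.flags == {"SYN", "ACK"}:
            if rev in self.half_open:          # reply to a SYN we saw
                self.half_open.discard(rev)
                self.established.add(rev)
                return True
            return False                       # no state: out-of-state drop
        return fwd in self.established or rev in self.established


def handshake(syn_via_firewall):
    """Replay SYN and SYN-ACK; the SYN-ACK always crosses the firewall."""
    fw = StatefulFirewall()
    syn = Segment(NODE_A, 40000, NODE_B, 443, frozenset({"SYN"}))
    syn_ack = Segment(NODE_B, 443, NODE_A, 40000, frozenset({"SYN", "ACK"}))
    if syn_via_firewall:       # LTM forwards the SYN to the firewall next hop
        fw.inspect(syn)
    return fw.inspect(syn_ack)


if __name__ == "__main__":
    print("SYN bypasses firewall, SYN-ACK permitted:", handshake(False))
    print("SYN routed via firewall, SYN-ACK permitted:", handshake(True))
```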