Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

How to setup health monitor for SMTPS (port 587) on F5 LTM


Please I will appreciate any help on how to setup a custom monitor on the F5 for secure SMTP  server.  I am trying to setup health monitor for our new mail server that is required to secure communication with the F5 on secure SMTP .The pool are not coming up on port 25 and there is no port 587 when I try to create the pools or add the nodes to the F5 node list.


F5 Employee
F5 Employee

What were your troubleshooting steps?


From the Active BIGIP, to verify routing:

-Are you able to successfully ping the SMTP server?

-Did you try a "port knock" test via the telnet command on port 25 and 587, to ensure routing and the port is open on the SMTP server?

-Do you have a SELFIP on the same subnet & VLAN as the SMTP server and/or a Default Route configured?

Yes, there are communication between the F5 and the servers. the pools comes up with TCP or ICMP and etc but not with TCP port 587. The virtual server has being working fine on port 25 until a new requirement for secure communication between the F5 and the servers. The servers are lsiten on secure SMTP. My objective is to setup secured SMTP virtual server for the servers and to enable secure end to end communication. I am not sure if the F5 virtual server will actual work without the health monitor being port 587. I having problem setting up custom health monitor with TCP port 587 and that is what I am requesting for help for anyone who know how to setup secured SMTP virtual server and health monitor.

F5 Employee
F5 Employee

In order to resolve your issue a few more steps of troubleshooting is needed --


A VIP or Pool with or without a monitor will still pass traffic. The BIGIP will treats the status as "unknown", where it does not know if the status is UP or DOWN.


If you are able to Ping/TCP, did you verify the firewall is not denying the traffic for the Self-IP, if you have "Automap" configured, or the VIP or SNAT IP, if you have a SNAT Pool configured?--TCP will always work if the traffic routes.