Forum Discussion
Hi TKC,
in a typical nPath configurtation your server dont use F5 as Def-GW. It should be your router. F5 should only see and balance ingress traffic...
Any specific reasons to use F5 as Def-GW on your servers?
Cheers, Kai
Hi Kai,
Because the server needs to verify the source IP.
I understand that if I change the G/W of the server to L3 and configure Automap, I need the X-forward-for function to check the source IP.
However, the G/W of the server was configured as L4 because the end customer was not able to use the X-forwared-for feature.
I searched on the forum and I think it can be solved with forwarding virtual server.
Is it possible to solve it with the configuration below?
ltm virtual Forwading_VS {
creation-time 2021-08-20:21:22:48
destination 0.0.0.0:any
ip-forward
ip-protocol tcp
last-modified-time 2021-08-21:10:00:37
mask 255.255.255.255
profiles {
fastL4 { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address disabled
translate-port disabled
vs-index 6
- Kai_WilkeDec 01, 2022MVP
Hi TKC,
I'm not sure if an asymetric routing setup is the right choice for your usecase. The asymetric routing may have certain unwanted side effects...
I would rather than put the F5 bidirectionally between your router and servers, so that the ingress and egress communication gets processed by your F5 (e.g. Client <-> Router <-> F5 <-> Servers). A very traditional and well known setup without any hidden side effects. By doing so, your Clients could directly access your backend servers or virtual servers on the F5 and the servers could also reach the networks attached behind your router.
And yes, an IP-Forwarding virtual server enables routing through your F5. So in any case this is the right way to pass traffic tranparently to/from your servers.
Cheers, Kai