Internal Network access to External(Internet)

Question

Our F5 Internal Network is connected to an Firewall. Behind the firewall, is another subnet of Public IP address. 
&nbsp;  
&nbsp; Example : F5 Internal Network is 202.6.1.0/25, there is a firewall with IP 202.6.1.11/25.  
&nbsp; Behind the firewall, is another Public IP range, eg 202.6.2.0/25. LB will route traffic to this network via 202.6.1.11.  
&nbsp;  
&nbsp; Noticed that the server from 202.6.2.0/25 is not able to connect to host in Internet.  
&nbsp;  
&nbsp; A SNAT for one-to-one mapping is configured for each individual IP in the Internal network.  
&nbsp; For example, SNAT configured for 202.6.2.10 SNAT to 202.6.2.10.  
&nbsp;  
&nbsp; Can I allow Internal host access to external network without SNAT? There are many internal hosts, creating SNAT for every IP doesn't seem to be very practical.  
&nbsp;

dennypayne · Answer

Sure, just create a wildcard forwarding virtual server - 0.0.0.0:0, type Forwarding(IP), and enable it only on the internal VLAN.  As long as the LTM's default gateway knows to route the outgoing connections back to the LTM (because it will now see the internal IP's as the source address instead of the SNAT) you should be fine. 
&nbsp;  
&nbsp; Denny

Forum Discussion

Internal Network access to External(Internet)

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Create isolated environment for internal and external networks

2 internal server vlans

F5 Network Map to Json with Python

What is the Lightning Network?

Redirecting to an external site when the internal site is down