cancel
Showing results for 
Search instead for 
Did you mean: 

Internal Server in an F5 needs to go Outbound Using another F5

f5noob29
Altocumulus
Altocumulus

Hi,

 

Is it possible for an Outbound proxy F5 to listen to an internal server that is configured as a pool member on another F5?

 

Here is the scenario and traffic flow, each line corresponds to a hop

 

  • Internal server - need to go out to internet and configured as a pool member on an F5, but this same F5 cannot be used as an outbound proxy due to security.
  • Firewall - internal server passes the firewall, this is the firewall between the internal server and the outbound proxy F5
  • Outbound proxy F5 - this is the F5 that would go out to internet

 

Here is what I configured so far but I'm not sure if this is going to work as we are not yet testing it, I just need an experts advised if this makes sense.

 

  • Firewall has been opened between the internal server and the outbound proxy F5.
  • In the outbound proxy F5, I have configured an outbound VIP (Forwarding IP) and listens for any traffic on its incoming VLAN, NAT to an external IP and forwards it to the internet

 

My concern is, will this work even if the internal server is on a different F5 and VLAN than the outbound proxy F5 listens to?

 

Internal server (VLAN1) > Firewall > Outbound F5 (listens on VLAN2)

 

1 REPLY 1

Should work. I don't see any reason why this should not work. Just make sure that traffic originating from the internal server towards the internet is properly routed back via the outbound proxy F5. But since you already mentioned that you are using NAT, it should be fine.