
LTM - DMZ Routing

Dustin_132959
Nimbostratus

We have 2 VLANs set up for a specific partition on our LTM. One is for their production servers, the other is intended to act as a DMZ as there is a particular server that needs a lot of ports opened to it from the Internet. To reduce the security risk of opening so many ports to the production network, another VLAN was created for this server to sit on. However, this server still needs to access select devices on their production network, but only using 1 port. How can I allow communication from the server in the DMZ to specific devices on their production network? Is setting up Layer 4 virtual servers the only way to achieve this without completely opening the communication between the two VLANs? Is there a way that I can allow communication between the 2 networks, but restrict what devices it has access to without creating a virtual server for every device this server needs to communicate with on the production network?

Any assistance is appreciated.

Thank you.

3 REPLIES

What_Lies_Bene1
Cirrostratus

You could create a wildcard virtual server, enable it only on the DMZ VLAN and apply an access list as necessary?
Dustin_132959
Nimbostratus

Thank you for your reply. What would the wildcard server point to, the entire subnet on the DMZ?
nitass
F5 Employee

How can I allow communication from the server in the DMZ to specific devices on their production network?
Just wondering if a host virtual server (i.e. server in production network) with a specific source setting (i.e. DMZ server) is usable.
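Both suggestions above (a listener enabled only on the DMZ VLAN, restricted by source address) can be expressed as one forwarding virtual server. The tmsh fragment below is an added illustration, not configuration from the thread: the addresses 10.30.0.10 and 10.20.0.0/24, the VLAN name dmz_vlan, the port 8443 and the /Common partition are all assumed placeholders.

```tmsh
# Constructed example: lets one DMZ host (10.30.0.10) reach any host on the
# production subnet (10.20.0.0/24) on TCP 8443 only. No pool is needed:
# an ip-forward virtual server routes to the original destination, so the
# "network" destination plus mask answers "what does the wildcard point to".
ltm virtual /Common/vs_dmz_to_prod_8443 {
    # Destination is the production subnet (network virtual server), not a
    # single host, so one object covers every production device on that port.
    destination /Common/10.20.0.0:8443
    mask 255.255.255.0
    # Only this DMZ server may match; any other source on the VLAN is not
    # accepted by this listener.
    source 10.30.0.10/32
    ip-protocol tcp
    # Forward to the packet's real destination; keep addresses and ports intact.
    ip-forward
    translate-address disabled
    translate-port disabled
    profiles {
        fastL4 { }
    }
    # Listen on the DMZ VLAN only, so production-side traffic cannot use it
    # as a path back into the DMZ.
    vlans {
        dmz_vlan
    }
    vlans-enabled
}
```

Traffic from the DMZ VLAN that matches no virtual server is dropped by the BIG-IP, so this single listener is the only opening from the DMZ to production; a second port would need a second such object rather than a broader destination.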