Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Policy to forward to a range of ports

Go to solution
Chause1
Cirrus
Cirrus

‎27-Mar-2023 02:38

Good day,

We require a configuration that sends as an example ports 7001 - 7999 to a pool of backends servers.

The idea is to create a wildcard VIP (client ssl) and pool. Allow only those ports to connect to the VIP and load balance to the backend servers with the port it connected on.

How would we be able to go about creating a policy to achive this configuration?

Thanks for helping

Labels:
0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
Daniel_Wolf
Nacreous
Nacreous

‎27-Mar-2023 10:40

Hi @Chause1,

as an alternative you could use a Port List. Simply create on in Shared Objects ›› Port Lists.

Daniel_Wolf_0-1679938726705.png

And assign it to the virtual server.

Daniel_Wolf_1-1679938797676.png

KR
Daniel

 

View solution in original post

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus
In response to Daniel_Wolf

‎28-Mar-2023 01:55

Thanks Daniel,

Will give it a go

 

View solution in original post

0 Kudos
11 REPLIES 11

Go to solution
Sebastiansierra
MVP
MVP

‎27-Mar-2023 07:49

Hi @Chause1 ,

You have to create an LTM policy and apply it to the VS, the rule is:

Sebastiansierra_0-1679928520644.png

Hope it´s work.

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus

‎27-Mar-2023 09:33

Hi,

Thanks for the response.

I will test, I would like to deny the rest of the ports within the same policy. 

When I apply the following it seems to stop working 

Preview file
49 KB
0 Kudos

Go to solution
Sebastiansierra
MVP
MVP
In response to Chause1

‎28-Mar-2023 01:31

Hi @Chause1 ,

You have to modify policy 1 and change Apply to traffic: local for both rules:

Sebastiansierra_0-1679992176761.png

Hope it´s work.

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus
In response to Sebastiansierra

‎28-Mar-2023 01:55

Thanks,

Would a client SSL profile have any influance on the traffic?

We receive traffic encypted and need to decrypt to backends. I think this is causing my headace at the moment

0 Kudos

Go to solution
Sebastiansierra
MVP
MVP
In response to Chause1

‎28-Mar-2023 02:41

Hi @Chause1 ,

Yes, you have to load the certificates to decrypt the traffic, because if you apply an HTTP profile without SSL certificates it gonna fail.

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus
In response to Sebastiansierra

‎28-Mar-2023 02:55

Hi,

I have setup the policy as follows Policy deny only.PNG

When I run a curl I receive:

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Closing connection 0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

I am still able to telnet t the VIP on any of those ports

 

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus
In response to Chause1

‎28-Mar-2023 02:56

I am connecting on port 7791.

Am I wrong to be expecting a RST only or that Telnet should not work to any of those ports?

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus
In response to Chause1

‎30-Mar-2023 00:19

Seems that the rule worked as expexted.

We decided to go the data group route.

Thanks for your time and input 

0 Kudos

Go to solution
Daniel_Wolf
Nacreous
Nacreous

‎27-Mar-2023 10:40

Hi @Chause1,

as an alternative you could use a Port List. Simply create on in Shared Objects ›› Port Lists.

Daniel_Wolf_0-1679938726705.png

And assign it to the virtual server.

Daniel_Wolf_1-1679938797676.png

KR
Daniel

 

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus
In response to Daniel_Wolf

‎28-Mar-2023 01:55

Thanks Daniel,

Will give it a go

 

0 Kudos

Go to solution
Chause1
Cirrus
Cirrus
In response to Chause1

‎30-Mar-2023 00:17

Worked like a charm!!!

Thanks!!

0 Kudos
Copyright © 2023 Khoros, LLC