15-Jul-2022 02:23 - edited 15-Jul-2022 02:24
Hi,
Just a "stupid" question:
Is there a reason NOT to use shared object address lists with a VS?
In contrast to using multiple VS configurations (when only the destination address is the difference).
I'd like to hear your thoughts.
15-Jul-2022 02:42
When using shared objects some ACL mechanisms are applied in the background.
In the past I saw some issues there (especially in the context of route domains), which seem to be fixed in the current TMOS v15.1.5.1.
15-Jul-2022 02:45
Hi Stephan,
Thanks for the response. This is the same version we are running at the moment 😉
15-Jul-2022 02:49
Please look up your /config/bigip_base.conf for the ACL-related configuration objects.
The shared objects concept may significantly reduce the number of configuration objects, i.e. mixing IPv4/IPv6 source/destination addresses in lists. Same story for destination ports.
15-Jul-2022 02:58
The mix of IPv4/IPv6 is exactly why I want to use it.
But issues will also be there, no matter what solution you will implement.
My biggest "concern" with making 2 VS (1 IPv4 and 1 IPv6) is that you need to do every config change twice, which is a potential problem, as somebody might make changes to only one VS.
By the ACL in the config file, you mean "security firewall address-list"? As they must be/should be the same as the configured lists?
19-Jul-2022 10:02
Doesn't seem this is quite sorted yet? @Ed_Martens - have you come to any new understandings here? or is this still a potential problem?
I'd be happy to get some Eng's to take a look here if what @StephanManthey said isn't 'the final word'.
20-Jul-2022 01:09
Hi,
It is not a problem,
But the answer is in line with my own thoughts.
I'll "Accept the Solution"
20-Jul-2022 06:10
It is a pity, shared objects are not working for us.
We have a VS which configures the F5 as a transparent proxy, a VS with destination address 0.0.0.0/0 and port 443.
So we are running against https://support.f5.com/csp/article/K47569205
Pity