Route Domains
I see a very old post on how secure route domains are How safe are route domains? | DevCentral I want to understand in this kind of deployment should we be aware of any issues or is it a good idea wrt security to use routedomain for DMZ? If anyone has deployed DMZ in route domain, what issues have you seen? What are the Pros and Cons if GTM is deployed?2026 is Almost Here
As we are in the final days of 2025 I would like to know what everyone's F5 or DevCentral related resolutions are for 2026. Are you looking forward to advancing certifications or learning about products you don't work with? Maybe you want to contribute more in CodeShare or Community Articles? Leave a comment with your resolution so we can all come together and root for each other in the new year! I am looking forward to cheering on all our members on in 2026. -Melissa
Checkpoint Web Smartconsole behind reverse proxy.
Does anyone have any experience at trying (and hopefully suceeding) to put a Checkpoint (CP) FW Provider-1 based web smartconsole behind a reverse proxy. The thing is that CP use local IP addresses to identify one of a selection of management module instances. And they use webtransport/websockets to connect from these mgmt modules back to a browser for displaying FW policies and log data etc. That all seems fairly OK but they don't anchor it using the connection ID and so the raw IPs (of what they call the domain blade/instance) get passed to the browser. But we would prefer to NAT/hide/reIP the server (domain) side IPs and not have the internal server/domain IPs sent along to the browser. Part of the conversation, and some wrapper text from me, from the server to the client follows: *** We wish to use access to various customer domains using the /smartconsole web interface. But the access has to be behind a reverse proxy (F5 vIP) and after the initial logon using the CMA IP behind a vIP (so address the browser sees is a service public one) you get a screen where the domain is listed and after selecting continue you get redirected seperately to the CMA IP in an internal JSON/javascript message. Hence breaking the attempt to have the CMA behind a reverse proxy. *** {"data":{"loginToDomain":{"transportOtt":"107ad894-253d-4638-aa31-1c3e7d23172a","transportUrl":"https://100.64.20.29:443/smartconsole/transport","__typename":"LoginToDomainResponse"}}} ***
One Connect not keeping connection open on HTTP 204 No Content
We have an application that returns a 'HTTP 204 No Content' response on 99% of all requests. These connections are being kept open and reused on the client side of the F5. The problem is the Load Balancer closes these connections on the server side right after the HTTP 204 RESPONSE is received from the server. When we send a HTTP 200 the connection is kept open and reused(normal One Connect operation). Is there an iRule that we can apply to the VIP to keep the connection open even when the Server returns a 'HTTP 204 No Content'? ThanksF5 Content Switching
I am coming from a netscaler world where they had an element in the UI for content switching... I know with F5 you can use iRules to select a Pool but the problem I find with that is in the netscaler world you select a virtual server to content switch to which has the advantage of having all of the virtual server specific policies/authenication/waf etc tied to it. Is it possible to use irules to direct to another virtual server with F5 while retaining the same external IP for the client instead of the pool? (ie: I don't want to do a simple redirection from one url to another or ip to another, it needs to be transparent like netscaler does)
