Richard_22613
Mar 25, 2013

F5 Lync iApp with Cisco firewalls

I have configured the Lync iApp on an F5 LTM in our DMZ behind a Cisco firewall.

The client AV traffic goes through the firewall, hits the F5, which sends it on to one of the edge servers (in the same network as the F5), but when the edge server then replies direct to the client the firewall drops the packet as it hasn't seen a SYN packet from the client to the edge (the original SYN went from the client to the F5).

Am I configuring something wrong here? Shouldn't the F5 tell the client to re-connect to the edge directly?

Any help appreciated.

Thanks

Richard

22 Replies

  • MVA
    Brian, my understanding is some Lync traffic can't be SNATted, hence the default GW of the F5. Also, the Lync servers can initiate a connection to external clients; this is where the Forwarding VIP comes into play. Lync servers had default GW as F5, F5 then needs to have a mechanism for accepting this traffic (Wildcard forwarding VIP) and what to do with it (Default route). So step 3 for your list is to ensure a route for this traffic from Lync servers to external clients. In our F5 config, we have specific routes for our internal networks and specified the default route as the next hop for external traffic, which is our firewall.

    regards,

    Mel
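
Added example, not part of the thread or of any F5 or Cisco code: a toy model of the stateful check described in the question, showing why the edge server's direct reply is dropped and why the same reply is accepted when it returns through the F5 (edge default gateway set to the F5, no SNAT). The addresses, port 443 and all function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed values (RFC 5737 documentation addresses, port 443 assumed).
CLIENT, VIP, EDGE = "198.51.100.10", "203.0.113.20", "203.0.113.31"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK


class StatefulFirewall:
    """Tracks TCP flows by 4-tuple; non-SYN packets need an existing flow."""

    def __init__(self):
        self.flows = set()

    def inspect(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":
            self.flows.add(fwd)  # the client's SYN creates the flow entry
            return "allow"
        return "allow" if fwd in self.flows or rev in self.flows else "drop"


def f5_to_pool(p: Packet) -> Packet:
    """Inbound through the virtual server without SNAT: only dst is rewritten."""
    return Packet(p.src, p.sport, EDGE, p.dport, p.flags)


def f5_from_pool(p: Packet) -> Packet:
    """Return traffic through the F5: src is translated back to the VIP."""
    return Packet(VIP, p.sport, p.dst, p.dport, p.flags)


def simulate(edge_gateway_is_f5: bool) -> str:
    """Firewall verdict on the edge server's SYN/ACK for each return path."""
    fw = StatefulFirewall()
    syn = Packet(CLIENT, 50000, VIP, 443, "S")
    fw.inspect(syn)                      # firewall sees client -> VIP
    at_edge = f5_to_pool(syn)            # edge sees client -> EDGE
    reply = Packet(at_edge.dst, at_edge.dport, at_edge.src, at_edge.sport, "SA")
    if edge_gateway_is_f5:
        reply = f5_from_pool(reply)      # leaves the DMZ as VIP -> client
    return fw.inspect(reply)


if __name__ == "__main__":
    print("edge replies directly :", simulate(False))
    print("edge replies via F5   :", simulate(True))
```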