Forum Discussion

Sebastian_Meth

Nimbostratus

Jun 22, 2011

selective forwarding VS with IP and Port filtering

Hi, I have a setup with a F5 ltm behind a firewall. The ltm connects two IP networks. firewall ...

config

design

hooleylist

Cirrostratus

Jun 23, 2011

Hi Sebastian,

You could create a forwarding network virtual server and then add the destination hosts/subnets which should be sent to the firewall to a datagroup. In CLIENT_ACCEPTED, you could check if [IP::local_addr] is in the datagroup using 'class match' for v10 or matchclass for v9. Requests for the firewall would be sent to the firewall pool. All others would be sent to the gateway for the other network. Or you could reverse the logic for matching and have the hosts/subnets which do not need to go through the firewall to the datagroup.

Here's a 10.x example:

when CLIENT_ACCEPTED {

   if {[class match [IP::local_addr] equals firewall_nets_class]}{

      pool firewall_pool
   }
    Default action for non-matching destination hosts is to use the virtual server's default pool
}

Aaron

Forum Discussion

selective forwarding VS with IP and Port filtering

Recent Discussions

Disk space full - what files, folders are safe to delete?

Web acceleration

Content type hearder charset=UTF-8

snmp automatic stop mail send

Slow SSL handshake on "Performance(Layer 4)" VIP.

Related Content

X-Forwarded-For Log Filter for Windows Servers

IIS X-Forward-For ISAPI Filter

SMTP filter and forward proxy

Generic Forward Proxy with Websense Filtering iApp

Pool selection based on X-Forwarded-For header