Forum Discussion
hooleylist
Jun 23, 2011 Cirrostratus
Hi Sebastian,
You could create a forwarding network virtual server and then add the destination hosts/subnets which should be sent to the firewall to a datagroup. In CLIENT_ACCEPTED, you could check if [IP::local_addr] is in the datagroup using 'class match' for v10 or matchclass for v9. Requests for the firewall would be sent to the firewall pool. All others would be sent to the gateway for the other network. Or you could reverse the logic for matching and add the hosts/subnets which do not need to go through the firewall to the datagroup.
Here's a 10.x example:
when CLIENT_ACCEPTED {
   # Send destinations listed in the datagroup to the firewall pool
   if {[class match [IP::local_addr] equals firewall_nets_class]}{
      pool firewall_pool
   }
   # Default action for non-matching destination hosts is to use the virtual server's default pool
}
Aaron
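
An added example, not part of the original post: a small Python model (not an iRule) of the two datagroup approaches described above, useful for checking which destinations would skip the firewall before the datagroup is deployed. The subnet entries, the `default_pool` name and the bypass list are constructed assumptions; the practical difference is that with the reversed logic any destination missing from the datagroup still goes through the firewall.

```python
import ipaddress

# Constructed sample entries; only firewall_nets_class and firewall_pool come from the post.
FIREWALL_NETS = ["10.20.0.0/16", "192.0.2.10"]  # stands in for firewall_nets_class
BYPASS_NETS = ["10.30.0.0/16"]                  # hypothetical datagroup for the reversed logic


def in_datagroup(addr, entries):
    """Model an address datagroup lookup: entries are hosts or subnets, any match wins."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)


def select_pool(dst, entries, inverted=False):
    """Return the pool chosen for destination address dst.

    inverted=False: listed destinations use firewall_pool, all others the default pool.
    inverted=True:  listed destinations use the default pool, all others firewall_pool.
    """
    listed = in_datagroup(dst, entries)
    if inverted:
        return "default_pool" if listed else "firewall_pool"
    return "firewall_pool" if listed else "default_pool"


def unfiltered(destinations, entries, inverted=False):
    """List the destinations whose traffic would not pass through the firewall."""
    return [d for d in destinations
            if select_pool(d, entries, inverted) != "firewall_pool"]


if __name__ == "__main__":
    # Constructed destination addresses for the audit.
    dests = ["10.20.5.9", "192.0.2.10", "10.30.1.1", "172.16.4.4"]
    for d in dests:
        print(d, select_pool(d, FIREWALL_NETS),
              select_pool(d, BYPASS_NETS, inverted=True))
    print("skip firewall (match -> firewall):", unfiltered(dests, FIREWALL_NETS))
    print("skip firewall (match -> bypass):  ", unfiltered(dests, BYPASS_NETS, True))
```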