Hi Sanjay, sorry for the delayed response.
In a layer 2 mode there’s no pool. The BIG-IP does not participate in layer 3.
However, you can define different VIPs that define source and/or destination IP addresses that act as filters for the traffic. So for example:
- Let’s say you have a backend application at 192.168.1.100. In a layer 2 mode it’s expected that the client will route directly to this destination IP address, where the BIG-IP is physically in the path. When the client request comes to the F5, the destination address will be 192.168.1.100, and you cannot NAT or SNAT at the BIG-IP.
- If you want to create application-specific VIPs, you can create different L2 VIPs with different destination IP “filters”. So an L2 VIP with a destination address of 192.168.1.100 would only consume that traffic. Again, source and destination IPs in an L2 mode are just filters for the traffic. An L2 VIP otherwise has a virtual-wire VLAN attached, no pool, and address and port translation are disabled.
You could also just create multiple AWAF policies and attach a CPM policy to your L2 VIP that dynamically selects one of the AWAF policies based on the incoming HTTP Host header. For example:
- CPM policy
  - Rule 1: HTTP Host is www.f5labs.com on request -> enable asm (waf_policy_a)
  - Rule 2: HTTP Host is www1.f5labs.com on request -> enable asm (waf_policy_b)
  - Rule 3: disable asm on request
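
The three-rule policy described in the reply above, written out in BIG-IP configuration form as an added example (not part of the original post and not F5's own code). The policy name `l2_waf_selector`, the rule names and the `/Common` partition are assumptions; `waf_policy_a` and `waf_policy_b` are the AWAF policies named in the reply.

```tmsh
# Added illustration. Policy name, rule names and the /Common partition
# are assumptions; the two AWAF policies must already exist.
ltm policy /Common/l2_waf_selector {
    controls { asm }
    requires { http }
    # Assumes a TMOS version that distinguishes draft and published policies.
    status published
    # first-match: evaluation stops at the first rule whose conditions hold.
    strategy /Common/first-match
    rules {
        host_www {
            ordinal 1
            conditions {
                0 { http-host host values { www.f5labs.com } }
            }
            actions {
                0 { asm enable policy /Common/waf_policy_a }
            }
        }
        host_www1 {
            ordinal 2
            conditions {
                0 { http-host host values { www1.f5labs.com } }
            }
            actions {
                0 { asm enable policy /Common/waf_policy_b }
            }
        }
        # No conditions: catches every request the rules above did not match.
        default_no_waf {
            ordinal 3
            actions {
                0 { asm disable }
            }
        }
    }
}
```

With this rule order, any request whose Host header is not one of the two listed names falls through to the last rule and passes without WAF inspection, so the Host list has to cover every name the application actually answers to.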