Restrict GTM to only allow replies for external users to certain zones

Question

I have a GTM which has many zones configured, some of the resource records are in zone runner and some in Wide IPs pointing to LTMs.&nbsp;
I want to restrict external (internet) users to only be able to look up records in one zone.&nbsp;
Can this be done using an irule on the GTM DNS listener?&nbsp;
I was thinking of using 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 for the range of internal users and the zone name in the irule.&nbsp;
Any help appreciated&nbsp;
Thanks&nbsp;
Richard&nbsp;

ian_johnson_162 · Answer

Richard,&nbsp;
You can just enable the listener on the external VLAN. The default tends to be enabled on all VLANs.&nbsp;
Regards
Ian&nbsp;

richard_22613 · Answer

Thanks, however I should have said that I require the internal users to be able to lookup all zones too.

ian_johnson_162 · Answer

Richard,&nbsp;
The question I should have asked first was if both internal and external users are using the same listener for different WideIP/DNS look ups.&nbsp;
Ian&nbsp;

richard_22613 · Answer

Sorry, yes they are on the same listener.

ian_johnson_162 · Answer

Richard,&nbsp;
You can do this with an iRule assigned to the WideIP in question. There is an old thread on devcentral which goes over this topic&nbsp;
https://devcentral.f5.com/questions/gtm-irule-to-block-certain-ips-dns-query-of-a-wideip&nbsp;
Regards
Ian&nbsp;

Forum Discussion

Restrict GTM to only allow replies for external users to certain zones

10 Replies

Recent Discussions

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

no reply from big3d: timed out

CSV to Address External Datagroup File

F5 iRule Geolocation restriction