Inside Server Internet Access through F5

Forwarding virtual servers don't have pool members but otherwise, yes.

 

If you wanted to be security minded then you could just open TCP/80 and TCP/443 ( and possibly UDP/53, for DNS ).

 

The other way that you can do it is to configure the F5 as an explicit proxy ( standard VS with modified HTTP profile and DNS resolver ) and set that as the proxy in the server.

 

As with all things F5, you can do it a million ways depending on what you want.

 

Hi,

• First of you have to set the default GW of your internal server to F5 (Int Interface, Floating if it's a cluster or self if it's a standalone)

• create a VS (Forwarding (IP)) with 0.0.0.0:*

in your vs set:

translate-address disabled
translate-port disabled

• If necessary, you can also configure a secure network address translation (SNAT) pool or enable SNAT automap to translate the source address. You may have to do this when forwarding traffic from RFC1918-addressed hosts over publicly routable networks.

So you have to set snat automap in order to avoir asymetric routing and retrieve ext ip.

More, you don't need to set a pool, IP forwarding FW the traffic to the destination IP address that is specified in the request rather than load balancing the traffic to a pool.

for more information:

https://support.f5.com/csp/article/K7595

Let me know if you need more details.

Just for information you have auther possibility to do it, example with a standard vs and pool...

Regards,