Forum Discussion
VernonWells
Employee
For the first one, you would need to create a forwarding VS with all protocols enabled. Then, for the VS "source", set it to 192.168.0.1, and set VLANs Enabled On your DMZ VLAN only. Finally, apply this rule:
when CLIENT_ACCEPTED {
    # Drop everything except ICMP (1), UDP (17) to port 53, and TCP (6) to a port listed in the data group
    if { [IP::protocol] != 1 && (!([IP::protocol] == 17 && [UDP::local_port] == 53)) && (!([IP::protocol] == 6 && [class match [TCP::local_port] equals dg_dmz_to_external_ports_allowed])) } {
        drop
        return
    }
}
I don't really understand your second condition, I'm afraid.
Having said all of this, you really should look at using packet filters:
or better yet, add AFM:
http://www.f5.com/pdf/products/big-ip-advanced-firewall-manager-datasheet.pdf
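The allow-list in the rule above, split out per protocol with a log line for each dropped flow so denied DMZ egress leaves an audit trail. This is an added example, not part of the original post; it assumes `dg_dmz_to_external_ports_allowed` is an integer-type data group holding the permitted TCP destination ports, and the `dmz-egress drop` log prefix is a made-up label.

```tcl
# Added example (not from the original post): same policy, one branch per protocol.
when CLIENT_ACCEPTED {
    set proto [IP::protocol]
    set dport "-"
    set allowed 0
    switch -- $proto {
        1 {
            # ICMP is always allowed
            set allowed 1
        }
        17 {
            # UDP is allowed only to port 53 (DNS)
            set dport [UDP::local_port]
            if { $dport == 53 } { set allowed 1 }
        }
        6 {
            # TCP is allowed only to ports present in the data group
            set dport [TCP::local_port]
            if { [class match $dport equals dg_dmz_to_external_ports_allowed] } { set allowed 1 }
        }
        default {
            # Every other IP protocol stays denied
        }
    }
    if { !$allowed } {
        # "dmz-egress drop" is a hypothetical prefix chosen for easy searching in /var/log/ltm
        log local0.info "dmz-egress drop: src=[IP::client_addr] dst=[IP::local_addr] proto=$proto dport=$dport"
        drop
        return
    }
}
```

As in the original rule, DNS over TCP is dropped unless port 53 is in the data group, because only UDP 53 is exempted. The log call writes one line per dropped flow, so expect volume if the DMZ hosts are noisy.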
DeepakK_154002
Dec 08, 2014 Nimbostratus
Dear Vernon, the questions I asked you belong to Microsoft ISA, and I want to replace Microsoft ISA with F5. So for these settings I have to use LTM, ASM, AFM, SWGA. Am I right?