Sure, here you go:
Pool containing the fw
ltm pool /Routing/FW-10.10.13.1 {
    members {
        /Common/ENV-FW_VLAN13:0 {
            address 10.10.13.1
        }
    }
    monitor /Common/gateway_icmp
}
The "Virtual Router" for "outbound traffic"
Listens to all internal VLANs and forwards traffic on to the firewall
ltm virtual /Routing/VirtualRouter13 {
    destination /Routing/any:0
    mask any
    pool /Routing/FW-10.10.13.1
    profiles {
        /Routing/fastL4 { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/VLAN30
        /Common/VLAN60
        /Common/VLAN70
        /Common/VLAN80
        /Common/VLAN90
        /Common/VLAN100
        /Common/VLAN150
    }
    vlans-enabled
}
Forwarding for internal VLANs for "inbound" traffic
ltm virtual /Routing/virtualrouter-30 {
    destination /Routing/10.10.30.0:0
    ip-forward
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        /Common/fastL4 { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/VLAN13
    }
    vlans-enabled
}
VLAN13 in this example is the external VLAN, and VLAN30 is an internal VLAN. We have one forwarding server for each VLAN. Any inter-VLAN communication passes through the firewall. Forgot to remind you to disable port and address translation for the FastL4.
Sorry about that. 🙂
/Patrik
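
A configuration audit for the safeguards this post relies on, as an added example that is not part of the original post: it parses `ltm virtual` stanzas and flags forwarding virtual servers (port 0 or `ip-forward`) that do not disable address and port translation or are not limited to named VLANs. The sample text and its `loose-fwd` stanza are constructed, `parse_virtuals` and `audit` are hypothetical names, and the check assumes the listing shows these properties explicitly rather than leaving them at defaults.

```python
import re
# Constructed tmsh-style sample modelled on the post; "loose-fwd" is hypothetical.
SAMPLE = """\
ltm virtual /Routing/VirtualRouter13 {
    destination /Routing/any:0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/VLAN30
    }
    vlans-enabled
}
ltm virtual /Routing/loose-fwd {
    destination /Routing/10.10.30.0:0
    ip-forward
}
"""

def parse_virtuals(text):
    """Map each 'ltm virtual' name to (top-level properties, VLAN list)."""
    virtuals, cur, depth, block = {}, None, 0, None
    for line in (raw.strip() for raw in text.splitlines()):
        if depth == 0:
            m = re.match(r"ltm virtual (\S+) \{$", line)
            if m:
                cur, depth = virtuals.setdefault(m.group(1), ({}, [])), 1
            continue
        opens, closes = line.count("{"), line.count("}")
        if line and not (opens or closes):
            if depth == 1:                      # "key value" or a bare flag
                cur[0].setdefault(*line.partition(" ")[::2])
            elif depth == 2 and block == "vlans":
                cur[1].append(line)
        elif depth == 1 and opens > closes:     # entering a nested block
            block = line.split()[0]
        depth += opens - closes
    return virtuals

def audit(text):
    """Flag port-0/ip-forward virtuals lacking the post's safeguards (assumes explicit properties)."""
    findings = []
    for name, (p, vlans) in parse_virtuals(text).items():
        if "ip-forward" in p or p.get("destination", "").endswith(":0"):
            for key in ("translate-address", "translate-port"):
                if p.get(key) != "disabled":
                    findings.append((name, key + " not disabled"))
            if "vlans-enabled" not in p or not vlans:
                findings.append((name, "not limited to named VLANs"))
    return findings
```

Calling `audit(SAMPLE)` returns three findings for `/Routing/loose-fwd` and none for `/Routing/VirtualRouter13`.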