While configuring APM, do we have to have configure self ip for any particular reason or task to perform ? I think for AFM we do, To make sure traffic is allowed on particular vlan which is represented by the self-ip. Please correct me if I am wrong.
I guess it's plausible that your SSL VPN connects to the same internal network you already had configured; one that already had a self-IP configured. It would then at least seem like you didn't need to set a self-ip, which could be understandably misleading.
I would highly recommend getting a team to do the configuration for you, or at least doing more research on self-ips, in addition to having a chat with your SE. It sounds like you have a currently working environment; any misconfiguration could jeopardize your production environment.
Thank you Miles.
Regardless of which modules are enabled, self IP's provide a few functions:
1) They tell the BIG-IP which networks it is directly connected to
2) They provide an endpoint for routes
3) They are required for SNAT and monitoring processes to work correctly
I'd go ahead and configure self IP's for any vlans configured, unless I was implementing a solution that I knew didn't need them.
Thank you so much. I didn't have to configure self ip for SSLVPN to work. My question was, will it be okay not to have self ip configured for ssl vpn ?
SELFIP is the fundamental components that you need to configure in F5, regardless of which module you are using.
So for traffic destined to resources, for an example 172.16.1.2 and.3 should have self ip configured 172.16.1.1 and should be allowed by AFM ? or without configuring self ip it should all 172.16.1.2 and .3 without AFM.
Does APM need self ip configuration for SSL VPN to work ? I get the general idea about the self ip and its importance , but I am question for this particular case.