Virtual Server/Pool Assistant

Question

Hello All, 
&nbsp;My name is Ido Katz and I have a little question:
&nbsp; I have an application that called MT4 which communicating with port 443 but the problem is that I cannot connect to the application if i'm moving the traffic via the F5. 
&nbsp;Basically the thing that I have to do is to create a NAT from the firewall so the external IP will translate to the origin IP (which is the F5 virtual server) and then the F5 supposed to forward the traffic to the pool which will forward the traffic to the node, right? &nbsp;
&nbsp;The facts: 
&nbsp;1.If I will put the server IP address as the origin IP in the firewall it will work. 
&nbsp;2. When I’m putting the F5 virtual server as the origin IP it will not work 
&nbsp;The virtual server configuration is very basic:
&nbsp;The virtual server configured as Standard TCP with port 443, and so is the node. 
&nbsp;Protocol profile (client): TCP-wan-Optimized 
&nbsp;Protocol Profile (server): TCP-Lan-Optimized 
&nbsp;One connect: None 
&nbsp;Http profile: http-wan-optimized-compression 
&nbsp;Stream profile: None 
&nbsp;SSL profile (Client): None 
&nbsp;SSL profile (Server): None 
&nbsp;Address translation is enabled. 
&nbsp;Source port: preserve 
&nbsp;SNAT: Auto Map &nbsp;
&nbsp;Can someone please advise?&nbsp;
&nbsp;Thanks
&nbsp;Ido

nathe · Answer

Ido, 
&nbsp;  
&nbsp; You're certainly right about how the f5 will work, it will listen and then forward traffic to a pool member. First thing to check is that the monitors have marked the pool / node up. Any issues here and the traffic won't get forwarded, even if the origin server is up.  
&nbsp;  
&nbsp; Do you see any connections hitting the VS? Check out the Statistics page in the GUI. If not then it's an issue from the firewall to the f5. If you do see connections then you need to check the route from the f5 to the origin server. Is the origin server IP on the same subset as a configured VLAN on the f5? If not it may need a static route setting up in my experience. 
&nbsp;  
&nbsp; Tcpdump and / or wireshark should help you locate where the issue lies and f5 has the tracepath command as well. 
&nbsp;  
&nbsp; Good luck... 
&nbsp; N

Forum Discussion

Virtual Server/Pool Assistant

1 Reply

Recent Discussions

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

Related Content

IPv6 Virtual Server to IPv4 pools translation

pool members can't connect to another Virtual Server

How to get Virtual servers associated with a specific SNAT pool

New Virtual Server Pool, Self IP and routing configuration

Re: Welcome to the F5 BIG-IP Migration Assistant