
George_33482
Mar 07, 2012

Server-initiated Connection what to do?

Hello,

I have a deployment of an ASM in a few days and I need to clarify some points (if possible).

The ASM should be installed in a DMZ of a firewall and the server default gateway is the ASM.

The connection will be Client -> Outside of Firewall -> DMZ of firewall (ASM) -> web server.

Of course all the necessary configuration will be done, such as creating a virtual server and binding it to a class, etc.

The question is what to do on the ASM if the server will initiate the connection? The connection will be to a database server or any server which resides inside the LAN (Firewall inside).

Do I have to create a VS and assign it to the VLAN facing the server, then bind a SNAT to it?

Are there any other ways?

Regards,

George


3 Replies

  • Hi George,

    A VS would be ideal. If you want to set idle timeouts and/or optimized profiles per protocol, you could create port-specific virtual servers.

    Aaron
  • Hi Aaron,

    Thank you for your support.

    Why would I set or change timeouts or use profiles?

    Regards,
  • For example, you could create a 0.0.0.0:80 VS with a TCP idle timeout set low (maybe 100 seconds) and a 0.0.0.0:3389 VS with a longer idle timeout for RDP (maybe 8 hours?).

    sol7166: Changing the idle timeout for a protocol profile

    http://support.f5.com/kb/en-us/solutions/public/7000/100/sol7166.html

    Aaron
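
The port-specific virtual servers discussed in this thread, written out as tmsh commands. This is an added example, not part of the original thread: it assumes forwarding (IP) virtual servers with FastL4 profiles on a tmsh version that supports `source-address-translation`, and all object names and the VLAN name are hypothetical.

```tmsh
# Added example. Hypothetical names: fastl4_http_out, fastl4_rdp_out,
# vs_out_http, vs_out_rdp, dmz_server_vlan (the VLAN facing the web server).

# One FastL4 profile per protocol, each with its own idle timeout in seconds.
create ltm profile fastl4 fastl4_http_out defaults-from fastL4 idle-timeout 100
create ltm profile fastl4 fastl4_rdp_out defaults-from fastL4 idle-timeout 28800

# Wildcard forwarding virtual server for server-initiated HTTP (port 80).
# vlans-enabled + vlans restricts it to traffic arriving on the server-facing
# VLAN, so it does not forward connections that enter on any other VLAN.
create ltm virtual vs_out_http destination 0.0.0.0:80 mask any ip-forward ip-protocol tcp profiles add { fastl4_http_out } vlans-enabled vlans add { dmz_server_vlan } source-address-translation { type automap }

# Same pattern for RDP (port 3389) with the 8-hour idle timeout.
create ltm virtual vs_out_rdp destination 0.0.0.0:3389 mask any ip-forward ip-protocol tcp profiles add { fastl4_rdp_out } vlans-enabled vlans add { dmz_server_vlan } source-address-translation { type automap }

# Review the result, then persist it.
list ltm virtual vs_out_http vs_out_rdp
save sys config
```

SNAT automap is only needed when the destination hosts would not otherwise route their replies back through the BIG-IP; server-initiated traffic to ports without a matching virtual server is not forwarded by these objects.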