TosinS_68494
Dec 03, 2012

Setup F5 as Outbound Proxy

I have on my infrastructure today the following scenarios,

1) A Service Bus that connects to the internet through a proxy server. The Proxy server is Apache (which is supported by Public IP/Domain name mappings in the host file).

I need to replace the Apache server with F5 Big IP.

I know that the Apache Server's Local IP will now become a virtual Server on Big IP (especially as it has been configured for outbound traffic on the Firewall).

How do I configure this to work?

See my architecture below:

Internet
|
External Firewall
|
F5 3600
|
Servers

2) I have a server which runs IIS and has a couple of web services on it; those services are accessible over the internet.

There are also some Windows services which connect to external entities over the internet.

The IP of this server is configured to connect to these entities on the firewall.

I need to make this server get proxied by F5 and also have all the services work normally by pushing traffic out via F5.

Can anyone advise on these 2 scenarios?


9 Replies

  • OK, for 1) Can I assume it's the servers in your 'diagram' that need to be proxied out? Do there need to be any restrictions? Are the servers able to do their own DNS lookups? I assume we need to SNAT source IPs to the previous Apache proxy IP right?
  • Hi Steve,

    Yes, you are correct, but I have a few issues with that...

    1) To SNAT, I would require to make the F5 floating IP the default gateway for that server, which means that I may have to do a route add or something of the sort in the server...

    2) To do a route add, I need to specify a destination range, but I don't have that luxury, because the destination could be anywhere on the internet or a WAN...
  • Hi Steve,

    Yes, you are correct, but I have a few issues with that...

    1) To SNAT, I would require to make the F5 floating IP the default gateway for that server, which means that I may have to do a route add or something of the sort in the server...

    2) To do a route add, I need to specify a destination range, but I don't have that luxury, because the destination could be anywhere on the internet or a WAN...

    Can you (or anyone) advise on what to do?
  • I need to replace the Apache server with F5 Big IP.

    I know that the Apache Server's Local IP will now become a virtual Server on Big IP (especially as it has been configured for outbound traffic on the Firewall).

    How do I configure this to work?

    -------------------------------------------

    Is it explicit web proxy? If so, is http forward proxy irule usable?

    HTTP Forward Proxy - v3.2

    https://devcentral.f5.com/wiki/irules.HTTP-Forward-Proxy-v3-2.ashx

    The IP of this server is configured to connect to these entities on the firewall.

    I need to make this server get proxied by F5 and also have all the services work normally by pushing traffic out via F5.

    -------------------------------------------

    How is bigip deployed? Can server's default gateway be bigip?
  • I need to replace the Apache server with F5 Big IP.

    I know that the Apache Server's Local IP will now become a virtual Server on Big IP (especially as it has been configured for outbound traffic on the Firewall).

    How do I configure this to work?

    -------------------------------------------

    is it explicit web proxy? if so, is http forward proxy irule usable?

    -------------------------------------------

    Well, I just need it to handle outbound traffic. I shall investigate the irule using the URL below.

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-3-0/14.html

    The IP of this server is configured to connect to these entities on the firewall.

    I need to make this server get proxied by F5 and also have all the services work normally by pushing traffic out via F5.

    -------------------------------------------

    how is bigip deployed? can server's default gateway be bigip?

    -------------------------------------------

    I have a couple of VLANs; Big IP plugs into the core switch and has a leg in every VLAN. So any outbound permission for F5 must exist on my firewall. I tried making Big IP the default gateway and I couldn't reach it by RDP again...
  • Hello all,

    Please can someone advise on this?

    I have waited for a response since last week!!!
  • If you make the F5 your default gateway, you might need to add a forwarding IP virtual server with destination 0.0.0.0 and enabling on your internal vlan(s) only. (vlans behind the F5)
  • Thanks, I understand this part: "If you make the F5 your default gateway, you might need to add a forwarding IP virtual server with destination 0.0.0.0"

    But I don't understand this part: "enabling on your internal vlan(s) only. (vlans behind the F5)". Can you shed more light please?
  • He is correct. You just need the ip forwarding virtual server. As for the "enabling your internal vlans", this is by default. You don't have to change anything to make this happen. This article will walk you through it.

    https://devcentral.f5.com/tech-tips/articles/ltm-configuring-ip-forwarding.UfEmHvMo6M8

    Create the virtual first and then come back with questions.

    Make sure the rest of your infrastructure has the correct routing in place.
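
The forwarding virtual server discussed in the replies above, written out as an added example (not posted by anyone in the thread and not taken from F5's documentation). It names the listening VLAN explicitly so that the wildcard listener only forwards packets arriving from the server side, and it SNATs to the address the firewall already permits. Assumptions: TMOS 11.3 or later tmsh syntax, a VLAN called internal, and the constructed names vs_outbound_forward and sp_outbound with the placeholder address 192.0.2.10.

```tmsh
# Constructed names and addresses: vs_outbound_forward, sp_outbound,
# VLAN "internal", 192.0.2.10. Substitute your own values.

# SNAT pool holding the source address the firewall already allows outbound
# (the old Apache proxy IP in the thread; 192.0.2.10 is a placeholder).
create ltm snatpool sp_outbound members add { 192.0.2.10 }

# Wildcard IP-forwarding virtual server (destination 0.0.0.0, any port),
# enabled only on the VLAN the servers sit in, not on the external VLAN.
create ltm virtual vs_outbound_forward destination 0.0.0.0:any mask any ip-forward profiles add { fastL4 } vlans add { internal } vlans-enabled source-address-translation { type snat pool sp_outbound }

# Review the result: the output should show vlans-enabled and list only
# the internal VLAN under "vlans".
list ltm virtual vs_outbound_forward
```

Servers that use the BIG-IP self IP as their default gateway still need a return path for management traffic such as RDP from other VLANs, which is the routing the last reply refers to.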