raytoles_75680
Sep 01, 2008

LAN and DMZ Virtual Servers

Let me start off by saying I'm totally new to F5 LTM and any other F5 product. I'm working on configuring our F5 and am lost when configuring the proper default gateway. We have 2 subnets here, one for the LAN and the other for our DMZ. A firewall sits between the two. Our F5 will contain virtual servers for both subnets.

As you can imagine, the LAN virtual servers will accept requests from workstations/servers on the LAN subnet, let's say 192.168.1.x. Our DMZ virtual servers (192.168.2.x) will accept requests by way of the internet and servers in the LAN. NATing and forwarding (internet requests) to this subnet will be done by our firewall.

With that said, how should the gateway be configured on the LTM?

   Intranet        Extranet
 ------------------------------
      |               |
      |               |
      |               |
 ------------------------------
            F5 LTM
  192.168.1.x     192.168.2.x
     VLAN1           VLAN2
 ------------------------------
      |               |
      |               |
      |               |
 ------------------------------
 VLAN1 Servers   VLAN2 Servers
 ------------------------------

1 Reply

  • Well, you can do dynamic gateways by using iRules, but my personal preference is to default all traffic in a DMZ to the public firewall, and enter only necessary static routes in a DMZ device toward the private firewall for internal assets. I consider the public & private side of the LTM to still be DMZ.
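
The routing policy from the reply above, written as a check over a DMZ device's route table. This is an added example, not part of the thread and not F5 configuration syntax; the firewall addresses, the approved internal hosts and the `parse`, `next_hop` and `audit` helpers are constructed assumptions, with only the 192.168.1.x and 192.168.2.x subnets taken from the question.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")
# Constructed sample data: firewall legs in the DMZ subnet, two approved LAN hosts.
PUBLIC_FW, PRIVATE_FW = "192.168.2.1", "192.168.2.254"
ALLOWED = ["192.168.1.20/32", "192.168.1.53/32"]
GOOD = [("0.0.0.0/0", PUBLIC_FW), ("192.168.1.20/32", PRIVATE_FW), ("192.168.1.53/32", PRIVATE_FW)]
BAD = [("0.0.0.0/0", PRIVATE_FW), ("192.168.1.0/24", PRIVATE_FW)]

def parse(routes):
    """Turn (cidr, gateway) string pairs into ipaddress objects."""
    return [(ipaddress.ip_network(n), ipaddress.ip_address(g)) for n, g in routes]

def next_hop(routes, dst):
    """Longest-prefix match: the gateway a packet to dst would use, or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(n, g) for n, g in parse(routes) if dst in n]
    return str(max(hits, key=lambda r: r[0].prefixlen)[1]) if hits else None

def audit(routes, public_fw, private_fw, allowed_internal):
    """Return findings where the table departs from the policy in the reply."""
    public_fw = ipaddress.ip_address(public_fw)
    private_fw = ipaddress.ip_address(private_fw)
    allowed = [ipaddress.ip_network(a) for a in allowed_internal]
    findings = []
    defaults = [g for n, g in parse(routes) if n == DEFAULT]
    if defaults != [public_fw]:
        findings.append("default route must exist once and point at the public firewall")
    for net, gw in parse(routes):
        if net == DEFAULT:
            continue
        if gw != private_fw:
            findings.append(f"{net} via {gw}: static route not via the private firewall")
        elif not any(net.subnet_of(a) for a in allowed):
            findings.append(f"{net} via {gw}: broader than the approved internal assets")
    return findings

if __name__ == "__main__":
    print("good table:", audit(GOOD, PUBLIC_FW, PRIVATE_FW, ALLOWED))
    print("bad table: ", audit(BAD, PUBLIC_FW, PRIVATE_FW, ALLOWED))
    # A LAN host without a static route follows the default to the public firewall.
    print("192.168.1.99 ->", next_hop(GOOD, "192.168.1.99"))
```
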