Forum Discussion

JoeBlogs1759_10's avatar
JoeBlogs1759_10
Icon for Nimbostratus rankNimbostratus
Mar 03, 2009

Proxy in both directions (TCP & Web Proxy)

Hi All,

 

We currently use LTM (BIG-IP 9.1.2 Build 40.6) for in bound request which we load balance to different subnets (some being VLAN groups) but I've recently had a request for outbound Proxy. Essentially a proxy for our servers to connect to the internet for updates or to perform specific tasks on internet sites, to function like an ISA Server for example.

 

My thoughts were to create a VIP with a private address then an iRule to lookup the internet site and plum the IP's in to a pool (not that I know how to do this yet). I'm not sure if this is the correct approach and management isn't ready to purchase additional equipment for just one service.

 

 

Any ideas...?

 

config
design

2 Replies

Sort By
  • James_Quinby_46's avatar
    James_Quinby_46
    Historic F5 Account
    Mar 05, 2009
    If all you need to do is provide connectivity to the internet for some servers behind the LTM, a forwarding virtual server with a NAT will do the trick.

     

     

    Have a look at this for an overview on the forwarding VS:

     

     

    https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html

     

     

    ...and here for more details on (S)NATs

     

     

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/LTM_config_guide_943/ltm_addrtrans.html1203353
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Mar 05, 2009
    Keep in mind that forwarding virtua servers simply allows traffic to traverse the load balancer, but it isn't actually behaving like a proxy. I.E. it's not initiating a seperate request or holding any cache, etc, etc.

     

     

    CB