Forum Discussion

scott_h_ryan_82
Mar 31, 2009

Ok, simplifying my question even more as ..

I'm still in need of a solution that will work ;-)

The F5 has a connection to the core carrying VLAN 50.

I want a server in VLAN 60 (DMZ) to talk to the server in VLAN 50.

I want the communication between VLAN 60 and VLAN 50 to go through a firewall (not using the link carrying VLAN 50 from the F5 to the core).

I set up a wildcard VS, 0.0.0.0/0.0.0.0 any port, any protocol, performancel4, vlan60, to force that traffic to the firewall instead of across the directly connected link.

Which route to the 50 network will the F5 choose? The directly connected route over the trunk link to the core, or through the firewall via the wildcard VS?

I think that's as simple as I can ask this without someone having to have in-depth knowledge of the topology and routing I'm working on.

2 Replies

  • Hi Scott,

    Not sure if you saw my other reference in your other post (Click here), but if you've done a Perf L4 wildcard 0.0.0.0 pointing to a pool with the firewall address, it should direct the traffic to the firewall and not directly to VLAN 50. I'm not exactly sure what VLAN your firewall is on, though. I'm assuming something other than VLAN 50 (or, more accurately, what VLAN will the F5 use to talk to the firewall? As long as it's not VLAN 50, I think that should do what you want).

    Denny
  • Thanks for the reply. The firewall is actually on the same VLAN as the front-end VIP address, as the interface I'm trying to point traffic to is the DMZ interface on the firewall. The subnet also has self IPs on the F5.

    It "appears" that, for some reason or another, this traffic is taking the directly connected path instead of the wildcard VS and going to the firewall. Not good.