TFTP inspection on F5 LTM
Dear Team,
In our current setup we are using F5 LTM as an inline device in our network, and all requests going outside of the network get NATed to a single IP on the F5 (one of the virtual server IPs). We have a forwarding virtual server configured to accept all requests.
But when a server behind the F5 tries to TFTP to a server on a different network, it fails. The flow of the traffic is:
TFTP Client (source IP X) ---> F5 device (after PAT, source IP changes X->Y) ---> Firewall ---> TFTP Server
Then the new request is automatically generated by the TFTP server to the TFTP client with the NAT IP:
TFTP Server (destination IP Y with ephemeral port) ---> Firewall (allowed as inspection is enabled) ---> F5 device [drops the packet]
As the traffic is sent to the PAT IP (Y in this case), it is dropped because PAT (port address translation) is unidirectional.
So is there any method to inspect the TFTP traffic, so that the return traffic (which is initiated by the server) can be allowed?
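The flow described in the post above, modelled as an added example that is not part of the original post and is not F5 code or configuration. It assumes a PAT device that matches return traffic on the exact 5-tuple, and relies on the TFTP behaviour defined in RFC 1350 where the server answers a request sent to port 69 from a newly chosen port; all addresses and ports are constructed sample values, and `PatDevice` and `simulate` are hypothetical names.

```python
from dataclasses import dataclass, field

TFTP_PORT = 69

@dataclass
class PatDevice:
    """Toy PAT flow table (constructed model, not a vendor implementation)."""
    pat_ip: str
    tftp_inspection: bool = False
    next_port: int = 40000
    flows: dict = field(default_factory=dict)         # exact return tuple -> inside host
    expectations: dict = field(default_factory=dict)  # any server port -> inside host

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside-originated UDP packet and record return state."""
        pat_port = self.next_port
        self.next_port += 1
        # Normal state: replies must come from the exact ip:port that was contacted.
        self.flows[(dst_ip, dst_port, self.pat_ip, pat_port)] = (src_ip, src_port)
        if self.tftp_inspection and dst_port == TFTP_PORT:
            # TFTP-aware state: the server will reply from a new port, so
            # expect one flow from this server to the PAT port, any source port.
            self.expectations[(dst_ip, self.pat_ip, pat_port)] = (src_ip, src_port)
        return (self.pat_ip, pat_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the inside (ip, port) to forward to, or None if dropped."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.flows:
            return self.flows[key]
        # One-shot expectation: pin it to the port the server actually chose.
        inside = self.expectations.pop((src_ip, dst_ip, dst_port), None)
        if inside is not None:
            self.flows[key] = inside
        return inside

def simulate(tftp_inspection):
    """Client X sends a read request; the server answers from a new port."""
    dev = PatDevice(pat_ip="192.0.2.10", tftp_inspection=tftp_inspection)
    # Request: X:51000 -> server:69, translated to Y:<pat_port>
    pat_ip, pat_port = dev.outbound("10.0.0.5", 51000, "198.51.100.20", TFTP_PORT)
    # First DATA packet: server:61234 (not 69) -> Y:<pat_port>
    return dev.inbound("198.51.100.20", 61234, pat_ip, pat_port)

if __name__ == "__main__":
    print("without inspection:", simulate(False))  # dropped
    print("with inspection:   ", simulate(True))   # forwarded to the client
```

The expectation is consumed by the first matching packet and is limited to the server address the client contacted, so it does not leave the PAT port open to other sources.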