- Brad_Parker_139 Nacreous
Yes, if you don't have a wildcard listener, the traffic will not route through the LTM without going through a VIP.
- Steven_J__Willi Nimbostratus
Where can I find info on this?
- Brad_Parker_139 Nacreous
It's kinda just how LTM works. It's a default-deny device and will not pass traffic unless there is a configured listener. A listener is a virtual address which usually has a configured virtual server. A self-IP itself will not forward packets without these listeners.
- Steven_J__Willi Nimbostratus
Well, I have a VIP created on the same subnet as the nodes. I assume it's a network as the unit is one-armed and not inline, so the servers don't sit behind the F5 per se.
- Henrik_Gyllkran Nimbostratus
That depends on your network layout. Is the BIG-IP the only way to access the VLAN where the servers reside? If so, then the solution is already in place, because the BIG-IP doesn't forward any traffic that we haven't specifically allowed by way of creating a listener (Virtual Servers in most cases) for that traffic.
However, if the server network is accessible through other devices such as routers/firewalls and so on, then you will also need to make sure that path is blocked.