no restriction between vlans behind F5

Question

I have many vlans direct connect to F5 LTM, default forwarding VS is configured to allow external communication to the published services behind F5.
is there a way to isolate vlans behind F5 not to be able to communicate with each other except with access list or policy?&nbsp;

amine_kadimi · Answer

F5 is a default deny device so unless you explicitly allow it, any flow between directly connected VLANs will not pass through.&nbsp;
In your forward VS settings, make sure you didn't allow it to listen on all VLANs. For this, you need to set the "VLAN and Tunnel Traffic" parameter to Enabled on your external vlan only.&nbsp;

amine_kadimi · Answer

In your forwarding VS set "VLAN and Tunnel Traffic" to vlan 100&nbsp;

vijay_e · Answer

If you have multiple server vlans behind the F5 and need to control access between the multiple server vlans, you can explore a few options:&nbsp;
Packet Filters - No licensing fee but these are not stateful from my understanding. Route Domain - No licensing fee but management &amp; troubleshooting can get complicated.AFM Module - Stateful and easy to manage but you would have to pay for extra licensing.

Forum Discussion

no restriction between vlans behind F5

3 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

F5 iRule Geolocation restriction

Irule for restricting access

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header